PixelYourSite – Your smart PIXEL (TAG) & API Manager Security & Risk Analysis

wordpress.org/plugins/pixelyoursite

Add Meta Pixel with Conversion API, Google Analytics (GA4) + Consent Mode, Google Tag Manager, and Head & Footer scripts.

500K active installs · v11.2.0.3 · PHP 5.4+ · WP 4.4+ · Updated Feb 23, 2026
Tags: google-analytics-4, google-consent-mode-v2, google-tag-manager, meta-conversion-api, meta-pixel
Score: 89 · A · Safe
CVEs total: 11
Unpatched: 0
Last CVE: Feb 13, 2026
Safety Verdict

Is PixelYourSite – Your smart PIXEL (TAG) & API Manager Safe to Use in 2026?

Generally Safe

Score 89/100

PixelYourSite – Your smart PIXEL (TAG) & API Manager has a strong security track record. Known vulnerabilities have been patched promptly.

11 known CVEs · Last CVE: Feb 13, 2026 · Updated 1mo ago
Risk Assessment

The "pixelyoursite" v11.2.0.3 plugin presents a mixed security posture. While it demonstrates good practices in areas like prepared statement usage for SQL queries and output escaping, significant concerns arise from its attack surface and historical vulnerability patterns. A considerable portion of its AJAX handlers lack authentication checks, creating an accessible entry point for potential attackers. Furthermore, the presence of the `unserialize` function, combined with taint analysis revealing flows with unsanitized paths, indicates a risk of deserialization vulnerabilities if user-controlled data is passed to this function without proper sanitization. The plugin's vulnerability history, marked by a substantial number of past CVEs, particularly those related to Cross-Site Scripting, Sensitive Information Exposure, and Remote File Inclusion, suggests a recurring pattern of security weaknesses that attackers may attempt to exploit. While there are no currently unpatched CVEs, the plugin's past indicates a need for vigilance.

Key Concerns

  • Unprotected AJAX handlers
  • Taint flows with unsanitized paths
  • Dangerous function: unserialize
  • High number of historical CVEs (11)
  • Past high severity vulnerabilities
  • Bundled libraries (Select2, Guzzle)
Vulnerabilities
11

PixelYourSite – Your smart PIXEL (TAG) & API Manager Security Vulnerabilities

CVEs by Year

2018: 1 CVE
2023: 2 CVEs
2024: 2 CVEs
2025: 5 CVEs
2026: 1 CVE

Severity Breakdown

High: 2
Medium: 9

11 total CVEs

CVE-2026-1841 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PixelYourSite <= 11.2.0 - Unauthenticated Stored Cross-Site Scripting

Feb 13, 2026 Patched in 11.2.0.1 (11d)

CVE-2025-14280 · medium · 5.3 · Exposure of Sensitive Information to an Unauthorized Actor

PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File

Dec 29, 2025 Patched in 11.1.5.1 (1d)

CVE-2025-10723 · medium · 6.6 · Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

PixelYourSite – Your smart PIXEL (TAG) Manager < 11.1.2 - Authenticated (Administrator+) Local File Inclusion

Oct 24, 2025 Patched in 11.1.2 (6d)

CVE-2025-10588 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

PixelYourSite <= 11.1.2 – Cross-Site Request Forgery to GDPR Options Modification

Oct 21, 2025 Patched in 11.1.3 (58d)

CVE-2025-0769 · high · 8.1 · Deserialization of Untrusted Data

PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 10.1.1.1 - Unauthenticated PHP Object Injection

Feb 28, 2025 Patched in 10.1.1.2 (4d)

CVE-2025-22300 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

PixelYourSite – Your smart PIXEL (TAG) Manager <= 10.0.1.2 - Cross-Site Request Forgery

Jan 6, 2025 Patched in 10.0.2 (10d)

CVE-2024-7870 · medium · 6.5 · Improper Authentication

PixelYourSite – Your smart PIXEL (TAG) & API Manager <= 9.7.1 and PixelYourSite PRO <= 10.4.2 - Unauthenticated Information Exposure and Log Deletion

Sep 3, 2024 Patched in 9.7.2 (1d)

CVE-2024-37447 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PixelYourSite – Your smart PIXEL (TAG) Manager <= 9.6.1.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jun 28, 2024 Patched in 9.6.2 (5d)

CVE-2023-2584 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PixelYourSite <= 9.3.6 and PixelYourSite Pro <= 9.6.1 - Authenticated (Administrator+) Stored Cross-Site Scripting

May 16, 2023 Patched in 9.3.7 (252d)

CVE-2023-22700 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

PixelYourSite <= 9.3.0 - Cross-Site Request Forgery

Jan 20, 2023 Patched in 9.3.1 (368d)

CVE-2018-0578 · medium · 5.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

PixelYourSite <= 5.2.1 - Reflected Cross-Site Scripting

Apr 27, 2018 Patched in 5.3.0 (2097d)
Code Analysis
Analyzed Mar 16, 2026

PixelYourSite – Your smart PIXEL (TAG) & API Manager Code Analysis

Dangerous Functions: 4
Raw SQL Queries: 2 (31 prepared)
Unescaped Output: 157 (884 escaped)
Nonce Checks: 18
Capability Checks: 21
File Operations: 18
External Requests: 8
Bundled Libraries: 2

Dangerous Functions Found

unserialize · includes\class-custom-event.php:256
`$this->conditions = !empty( $conditions ) ? unserialize( $conditions ) : array();`

unserialize · includes\class-custom-event.php:259
`$this->triggers = !empty( $triggers ) ? unserialize( $triggers ) : array();`

unserialize · modules\facebook\facebook-server-async-task.php:15
`$oldData = unserialize(base64_decode($this->_body_data['data']), ['allowed_classes' => [`

unserialize · modules\facebook\facebook-server-async-task.php:37
`$data = unserialize(base64_decode($_POST['data']), ['allowed_classes' => [`

Bundled Libraries

Select2, Guzzle

SQL Query Safety

94% prepared · 33 total queries

Output Escaping

85% escaped · 1041 total outputs
Data Flows
4 unsanitized

Data Flow Analysis

10 flows · 4 with unsanitized paths
init (includes\class-pys.php:151)
Attack Surface
11 unprotected

PixelYourSite – Your smart PIXEL (TAG) & API Manager Attack Surface

Entry Points: 16
Unprotected: 11

AJAX Handlers 15

auth · wp_ajax_pys_fixed_notice_dismiss · includes\class-fixed-notices.php:41
auth · wp_ajax_pys_fixed_notice_opt_dismiss · includes\class-fixed-notices.php:42
auth · wp_ajax_pys_optin_add · includes\class-optin-notices.php:37
nopriv · wp_ajax_pys_optin_add · includes\class-optin-notices.php:38
auth · wp_ajax_pys_get_gdpr_filters_values · includes\class-pys.php:116
nopriv · wp_ajax_pys_get_gdpr_filters_values · includes\class-pys.php:117
auth · wp_ajax_pys_get_pbid · includes\class-pys.php:120
nopriv · wp_ajax_pys_get_pbid · includes\class-pys.php:121
auth · wp_ajax_pys_notice_dismiss · includes\functions-admin.php:472
auth · wp_ajax_pys_notice_CAPI_dismiss · includes\functions-admin.php:548
auth · wp_ajax_pys_notice_UA_dismiss · includes\functions-admin.php:681
auth · wp_ajax_get_transform_title · includes\functions-admin.php:1033
nopriv · wp_ajax_get_transform_title · includes\functions-admin.php:1034
auth · wp_ajax_pys_api_event · modules\facebook\facebook-server.php:57
nopriv · wp_ajax_pys_api_event · modules\facebook\facebook-server.php:58

REST API Routes 1

POST · /wp-json/pys-facebook/v1/event · modules\facebook\class-facebook-rest-api.php:25
WordPress Hooks 110
action · before_woocommerce_init · facebook-pixel-master.php:48
action · wp_footer · includes\class-events-manager-ajax_hook.php:72
action · woocommerce_add_to_cart · includes\class-events-manager-ajax_hook.php:73
filter · woocommerce_add_to_cart_fragments · includes\class-events-manager-ajax_hook.php:75
action · wp_footer · includes\class-events-manager-ajax_hook.php:77
action · woocommerce_after_add_to_cart_button · includes\class-events-manager-ajax_hook.php:80
action · wp_enqueue_scripts · includes\class-events-manager.php:24
action · wp_enqueue_scripts · includes\class-events-manager.php:25
action · wp_enqueue_scripts · includes\class-events-manager.php:26
action · wp_footer · includes\class-events-manager.php:27
filter · script_loader_tag · includes\class-events-manager.php:30
action · edd_purchase_link_end · includes\class-events-manager.php:273
action · woocommerce_after_shop_loop_item · includes\class-events-manager.php:283
action · woocommerce_after_add_to_cart_button · includes\class-events-manager.php:284
filter · woocommerce_blocks_product_grid_item_html · includes\class-events-manager.php:285
filter · jet-woo-builder/elementor-views/frontend/archive-item-content · includes\class-events-manager.php:286
filter · pys_conditional_post_id · includes\class-events-manager.php:590
action · init · includes\class-fixed-notices.php:25
action · admin_notices · includes\class-fixed-notices.php:40
action · init · includes\class-optin-notices.php:22
action · admin_notices · includes\class-optin-notices.php:39
filter · site_transient_update_plugins · includes\class-plugin-updater.php:71
filter · plugins_api · includes\class-plugin-updater.php:72
action · admin_init · includes\class-plugin-updater.php:75
filter · site_transient_update_plugins · includes\class-plugin-updater.php:213
action · admin_init · includes\class-pys.php:65
action · admin_init · includes\class-pys.php:66
action · wp · includes\class-pys.php:69
action · init · includes\class-pys.php:70
action · init · includes\class-pys.php:71
action · init · includes\class-pys.php:72
action · admin_menu · includes\class-pys.php:74
action · admin_enqueue_scripts · includes\class-pys.php:75
action · admin_notices · includes\class-pys.php:76
action · admin_init · includes\class-pys.php:77
action · admin_init · includes\class-pys.php:78
action · template_redirect · includes\class-pys.php:97
action · wp_login · includes\class-pys.php:99
action · user_register · includes\class-pys.php:101
filter · pys_core_settings_sanitize_admin_permissions_field · includes\class-pys.php:103
action · deactivate_pixel-cost-of-goods/pixel-cost-of-goods.php · includes\class-pys.php:125
action · woocommerce_checkout_order_processed · includes\class-pys.php:130
action · woocommerce_checkout_update_order_meta · includes\class-pys.php:131
action · woocommerce_store_api_checkout_update_order_meta · includes\class-pys.php:133
action · edd_insert_payment · includes\class-pys.php:139
action · edd_recurring_record_payment · includes\class-pys.php:142
filter · facebook_for_woocommerce_integration_pixel_enabled · includes\class-pys.php:241
action · RCB/Templates/TechnicalHandlingIntegration · includes\class-pys.php:272
action · wp_head · includes\class-pys.php:419
action · wp_head · includes\class-pys.php:430
action · wp_head · includes\class-pys.php:551
action · wp_head · includes\class-pys.php:563
action · admin_notices · includes\class-pys.php:1062
action · woocommerce_new_order · includes\enrich\class_enrich_order.php:20
action · woocommerce_subscription_renewal_payment_complete · includes\enrich\class_enrich_order.php:23
action · add_meta_boxes · includes\enrich\class_enrich_order.php:25
action · woocommerce_email_customer_details · includes\enrich\class_enrich_order.php:27
filter · edd_payment_meta · includes\enrich\class_enrich_order.php:33
action · edd_view_order_details_main_after · includes\enrich\class_enrich_order.php:34
filter · pys_event_factory · includes\events\class-events-automatic.php:36
filter · pys_event_factory · includes\events\class-events-custom.php:20
filter · pys_event_factory · includes\events\class-events-edd.php:36
filter · pys_event_factory · includes\events\class-events-fdp.php:33
filter · pys_event_factory · includes\events\class-events-woo.php:62
filter · pys_form_event_factory · includes\formEvents\CF7\class-formEvent-CF7.php:32
filter · pys_form_event_factory · includes\formEvents\ElementorForm\ElementorForm.php:26
filter · pys_form_event_factory · includes\formEvents\FluentForm\class-formEvent-FluentForm.php:29
filter · pys_form_event_factory · includes\formEvents\Formidable\class-formEvent-Formidable.php:32
filter · pys_form_event_factory · includes\formEvents\forminator\class-formEvent-Forminator.php:29
filter · pys_form_event_factory · includes\formEvents\NinjaForm\class-formEvent-NinjaForm.php:29
filter · pys_form_event_factory · includes\formEvents\WPForms\class-formEvent-WPForms.php:29
filter · pys_form_event_factory · includes\formEvents\WSForm\class-formEvent-WSForm.php:27
action · wp_head · includes\functions-common.php:499
action · plugins_loaded · includes\functions-migrate.php:27
action · admin_init · includes\functions-system-report.php:221
action · pys_admin_pixel_ids · modules\bing\bing.php:24
action · rest_api_init · modules\facebook\class-facebook-rest-api.php:18
action · wp_enqueue_scripts · modules\facebook\class-facebook-rest-api.php:192
action · admin_enqueue_scripts · modules\facebook\class-facebook-rest-api.php:193
action · init · modules\facebook\facebook-server.php:44
action · woocommerce_checkout_update_order_meta · modules\facebook\facebook-server.php:54
action · woocommerce_store_api_checkout_update_order_meta · modules\facebook\facebook-server.php:56
action · woocommerce_remove_cart_item · modules\facebook\facebook-server.php:59
filter · pys_woo_checkout_order_id · modules\facebook\facebook-server.php:116
filter · pys_conditional_post_id · modules\facebook\facebook-server.php:151
action · pys_register_pixels · modules\facebook\facebook.php:42
filter · pys_facebook_settings_sanitize_verify_meta_tag_field · modules\facebook\facebook.php:47
action · wp_head · modules\facebook\facebook.php:48
action · pys_register_pixels · modules\google_analytics\ga.php:39
action · pys_register_pixels · modules\google_gtm\gtm.php:40
action · init · modules\google_gtm\gtm.php:45
action · wp_head · modules\google_gtm\gtm.php:53
action · init · modules\google_tags\gatags.php:45
action · wp_head · modules\google_tags\gatags.php:53
action · template_redirect · modules\google_tags\gatags.php:54
action · shutdown · modules\google_tags\gatags.php:55
action · pys_register_plugins · modules\head_footer\head_footer.php:40
action · template_redirect · modules\head_footer\head_footer.php:44
action · init · modules\head_footer\head_footer.php:45
action · add_meta_boxes · modules\head_footer\head_footer.php:51
action · save_post · modules\head_footer\head_footer.php:52
action · wp_head · modules\head_footer\head_footer.php:142
action · wp_footer · modules\head_footer\head_footer.php:149
action · wp_head · modules\head_footer\head_footer.php:171
action · wp_footer · modules\head_footer\head_footer.php:178
action · wp_head · modules\head_footer\head_footer.php:191
action · wp_footer · modules\head_footer\head_footer.php:198
action · pys_admin_pixel_ids · modules\pinterest\pinterest.php:28
action · pys_admin_pixel_ids · modules\reddit\reddit.php:24
action · init · pixelyoursite.php:87
Maintenance & Trust

PixelYourSite – Your smart PIXEL (TAG) & API Manager Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Feb 23, 2026
PHP min version: 5.4
Downloads: 18.9M

Community Trust

Rating: 86/100
Number of ratings: 261
Active installs: 500K
Developer Profile

PixelYourSite – Your smart PIXEL (TAG) & API Manager Developer Profile

PixelYourSite

2 plugins · 508K total installs

Trust score: 70
Avg Security Score: 87/100
Avg Patch Time: 246 days
Detection Fingerprints

How We Detect PixelYourSite – Your smart PIXEL (TAG) & API Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/pixelyoursite/dist/js/pys-analytics.js
/wp-content/plugins/pixelyoursite/dist/js/pys-gdpr.js
/wp-content/plugins/pixelyoursite/dist/js/pys-settings.js
/wp-content/plugins/pixelyoursite/dist/js/pys.js
/wp-content/plugins/pixelyoursite/dist/js/pys-woo.js
/wp-content/plugins/pixelyoursite/dist/css/pys-admin.css
Script Paths
/wp-content/plugins/pixelyoursite/dist/js/pys.js
Version Parameters
pixelyoursite/dist/js/pys-analytics.js?ver=
pixelyoursite/dist/js/pys-gdpr.js?ver=
pixelyoursite/dist/js/pys-settings.js?ver=
pixelyoursite/dist/js/pys.js?ver=
pixelyoursite/dist/js/pys-woo.js?ver=

HTML / DOM Fingerprints

CSS Classes
pys-settings-container
pys_admin_settings
HTML Comments
<!-- PYS_FREE_VIDEO_URL -->
<!-- PYS_FREE_VIDEO_TITLE -->
<!-- here we go... -->
Data Attributes
data-cookieconsent
JS Globals
pys
REST Endpoints
/wp-json/pixelyoursite/v1/