CVE-2026-1841

PixelYourSite · PixelYourSite – Your smart PIXEL (TAG) & API Manager

The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'pysTrafficSource' and 'pys_landing_page' parameters.

Executive summary

A high-severity Stored XSS vulnerability in the PixelYourSite plugin allows attackers to inject malicious scripts into the WordPress admin dashboard, potentially leading to session hijacking.

Vulnerability

The vulnerability is caused by insufficient input sanitization and output escaping on the 'pysTrafficSource' and 'pys_landing_page' parameters. This allows an attacker to inject arbitrary web scripts that execute whenever a user accesses the affected page.

Business impact

Stored XSS can be used to hijack administrative sessions, steal sensitive cookies, or redirect users to malicious websites. Since the script is stored on the server, it can impact any administrator viewing the plugin's reports, leading to a potential full site compromise. The CVSS score is 7.2.

Remediation

Immediate Action: Update the PixelYourSite plugin to the latest version (version 12 or higher) to ensure all inputs are properly sanitized.

Proactive Monitoring: Watch the browser console for suspicious JavaScript execution when accessing the WordPress dashboard, and review logs for unusual traffic to the plugin's settings.

Compensating Controls: Implement a strong Content Security Policy (CSP) to restrict the sources from which scripts can be executed and mitigate the impact of XSS.
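
The log review described under Proactive Monitoring can be partly automated. The following Python is an added example, not code from the plugin or its vendor: it scans access-log lines for the two parameter names in this advisory and flags values that decode to HTML markup, including double-encoded values. The log layout, the logged cookie field and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Parameter names taken from the advisory.
PARAMS = ("pysTrafficSource", "pys_landing_page")
# Match name=value anywhere on the line (query string or a logged Cookie field).
PAIR_RE = re.compile(r"\b(%s)=([^&;\s\"]*)" % "|".join(PARAMS))
# Characters and schemes that do not belong in a traffic-source label or landing URL.
MARKUP_RE = re.compile(r"[<>\"'`]|javascript\s*:", re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_hits(log_lines):
    """Return (line_number, parameter, decoded_value) for values carrying markup."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for name, raw in PAIR_RE.findall(line):
            value = decode_fully(raw)
            if MARKUP_RE.search(value):
                hits.append((number, name, value))
    return hits


# Constructed sample lines (not from a real site); the trailing Cookie field is an assumption.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Feb/2026:10:01:02 +0000] "GET /?pysTrafficSource=google.com HTTP/1.1" 200 512 "-" "UA"',
    '203.0.113.9 - - [10/Feb/2026:10:02:11 +0000] "GET /?pysTrafficSource=%3Cscript%3Ex%3C%2Fscript%3E HTTP/1.1" 200 512 "-" "UA"',
    '198.51.100.4 - - [10/Feb/2026:10:03:40 +0000] "GET /shop/ HTTP/1.1" 200 900 "-" "UA" "pys_landing_page=https://example.test/shop/; other=1"',
    '198.51.100.5 - - [10/Feb/2026:10:04:05 +0000] "GET / HTTP/1.1" 200 900 "-" "UA" "pys_landing_page=%253Cimg%2520src%253Dx%253E"',
]

if __name__ == "__main__":
    for number, name, value in suspicious_hits(SAMPLE_LOG):
        print(f"line {number}: {name} carries markup: {value!r}")
```

A hit means the request should be reviewed together with what the plugin stored for it; an empty result does not show that nothing was injected, since log retention and logged fields vary by server.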

Exploitation status

Public Exploit Available: false

Analyst recommendation

Remediate this vulnerability immediately by applying the vendor's update. Stored XSS is a reliable method for attackers to gain administrative access by targeting the users who manage the site.