CVE-2026-7613
PixelYourSite · Cost of Goods by PixelYourSite
The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'csvdata[0][cost_of_goods_value]' parameter.
Executive summary
The Cost of Goods by PixelYourSite plugin for WordPress is susceptible to Stored Cross-Site Scripting, allowing attackers to inject malicious scripts into the application.
Vulnerability
This is a Stored Cross-Site Scripting (XSS) vulnerability occurring via the 'csvdata[0][cost_of_goods_value]' parameter. Exploitation likely requires the attacker to have at least low-level authenticated access to the WordPress dashboard to input malicious data.
Business impact
With a CVSS score of 7.2, this vulnerability represents a High risk. Successful exploitation could allow an attacker to execute arbitrary scripts in the context of an administrator's browser, potentially leading to unauthorized plugin configuration changes or session hijacking.
Remediation
Immediate Action: Update the Cost of Goods by PixelYourSite plugin to the latest available version provided by the vendor.
Proactive Monitoring: Monitor WordPress administrative logs for unusual activity or suspicious modifications to plugin settings.
Compensating Controls: Implement a Web Application Firewall (WAF) with XSS protection rules enabled to filter malicious payloads targeting the vulnerable parameter.
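As an added example (not code from the plugin, its vendor or any WAF product), the Python below applies an allow-list check to every 'csvdata[N][cost_of_goods_value]' field in a form-encoded request body, the kind of rule the compensating control above describes. It assumes a legitimate cost is empty or a plain non-negative ASCII decimal; the function name, the digit limits and the sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# The parameter named in the advisory, for any row index N.
PARAM_RE = re.compile(r"csvdata\[([0-9]+)\]\[cost_of_goods_value\]")
# Assumption: a valid cost looks like 12 or 12.50. ASCII digits only, because
# \d would also accept full-width and other Unicode digits.
COST_RE = re.compile(r"[0-9]{1,9}(\.[0-9]{1,4})?")


def check_body(body: str) -> list[tuple[int, str]]:
    """Return (row, value) for each cost field that is not a plain decimal."""
    rejected = []
    # parse_qsl percent-decodes exactly once, so a double-encoded value still
    # contains '%' afterwards and fails the allow-list instead of slipping by.
    for key, value in parse_qsl(body, keep_blank_values=True):
        match = PARAM_RE.fullmatch(key)
        if match is None:
            continue  # not the parameter this rule covers
        value = value.strip()
        if value == "" or COST_RE.fullmatch(value):
            continue  # empty (assumed to mean "no cost set") or a decimal
        rejected.append((int(match.group(1)), value))
    return rejected


# Constructed request bodies, not captured traffic.
SAMPLE_BODIES = [
    "action=import&csvdata%5B0%5D%5Bcost_of_goods_value%5D=12.50",
    "csvdata[0][cost_of_goods_value]=7"
    "&csvdata[1][cost_of_goods_value]=%3Cb%3Ex%3C%2Fb%3E",
    "csvdata%5B3%5D%5Bcost_of_goods_value%5D=%253Cb%253E",
]

if __name__ == "__main__":
    for body in SAMPLE_BODIES:
        hits = check_body(body)
        print("BLOCK" if hits else "ALLOW", hits)
```

Matching on what a cost value may look like, rather than on known script patterns, means the rule does not depend on recognising any particular payload encoding.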
Exploitation status
Public Exploit Available: false
Analyst recommendation
Stored XSS vulnerabilities are frequently targeted for session theft. We strongly recommend updating the plugin immediately and auditing user accounts with administrative capabilities to ensure no unauthorized persistence has been established.