CVE-2026-7613

PixelYourSite · Cost of Goods by PixelYourSite

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the 'csvdata[0][cost_of_goods_value]' parameter.

Executive summary

The Cost of Goods by PixelYourSite plugin for WordPress is susceptible to Stored Cross-Site Scripting, allowing attackers to inject malicious scripts into the application.

Vulnerability

This is a Stored Cross-Site Scripting (XSS) vulnerability occurring via the 'csvdata[0][cost_of_goods_value]' parameter. Exploitation likely requires the attacker to have at least low-level authenticated access to the WordPress dashboard to input malicious data.

Business impact

With a CVSS score of 7.2, this vulnerability represents a High risk. Successful exploitation could allow an attacker to execute arbitrary scripts in the context of an administrator's browser, potentially leading to unauthorized plugin configuration changes or session hijacking.

Remediation

Immediate Action: Update the Cost of Goods by PixelYourSite plugin to the latest available version provided by the vendor.

Proactive Monitoring: Monitor WordPress administrative logs for unusual activity or suspicious modifications to plugin settings.

Compensating Controls: Implement a Web Application Firewall (WAF) with XSS protection rules enabled to filter malicious payloads targeting the vulnerable parameter.
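As an added illustration of the compensating control (not vendor or plugin code), the check below applies an allow-list to the affected parameter instead of trying to recognise script payloads. It generalizes from the 'csvdata[0]' row named in this advisory to any row index, and it assumes a legitimate cost value is empty or a plain non-negative decimal; the sample request bodies are constructed.

```python
import re
from urllib.parse import parse_qsl, urlencode

# Field named in the advisory, generalized to any row index.
FIELD_RE = re.compile(r"csvdata\[[0-9]+\]\[cost_of_goods_value\]")
# Assumption: a valid cost is a plain decimal such as "12" or "12.50".
VALUE_RE = re.compile(r"[0-9]{1,9}(?:\.[0-9]{1,4})?")


def rejected_fields(body):
    """Return (name, value) pairs in a form-encoded body that fail the allow-list."""
    bad = []
    # parse_qsl percent-decodes names and values once, as the server would.
    for name, value in parse_qsl(body, keep_blank_values=True):
        if not FIELD_RE.fullmatch(name):
            continue  # only the affected parameter is inspected
        # An empty cost is tolerated; anything else must be a plain decimal.
        if value != "" and not VALUE_RE.fullmatch(value):
            bad.append((name, value))
    return bad


# Constructed sample bodies (not captured traffic).
CLEAN_BODY = urlencode([
    ("other_field", "x"),
    ("csvdata[0][cost_of_goods_value]", "12.50"),
    ("csvdata[1][cost_of_goods_value]", ""),
])
SUSPECT_BODY = urlencode([
    ("csvdata[0][cost_of_goods_value]", "7"),
    ("csvdata[3][cost_of_goods_value]", "<b>9</b>"),  # markup where a number belongs
])

if __name__ == "__main__":
    for label, body in (("clean", CLEAN_BODY), ("suspect", SUSPECT_BODY)):
        bad = rejected_fields(body)
        print(label, "BLOCK" if bad else "ALLOW", bad)
```

The same rule can be expressed in a WAF as a positive-validation rule on the parameter name, which holds up better than signature matching because any non-numeric value is refused regardless of how it is written.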

Exploitation status

Public Exploit Available: false

Analyst recommendation

Stored XSS vulnerabilities are frequently targeted for session theft. We strongly recommend updating the plugin immediately and auditing user accounts with administrative capabilities to ensure no unauthorized persistence has been established.