CVE-2023-2584
The PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 9.3.6 (9.6.1 in the Pro version) due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
We have discovered 69,137 live websites that are affected by CVE-2023-2584.
Affected Software
| Product | |
| Category | Analytics |
| Vulnerable Domains | 69,137 live websites (67.54% of PixelYourSite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 165 versions ( 85.49% of all versions) |
Details
- Published - Jun 9, 2023
- Updated - Feb 5, 2025
Credits
- Marco Wotschka (finder)
CVE References
CVE-2023-2584 usage by Country
 United States | 26,732 websites |
 Germany | 5,734 websites |
 France | 3,371 websites |
 Brazil | 3,137 websites |
 Poland | 2,721 websites |
 Spain | 2,290 websites |
 Italy | 2,285 websites |
 Cyprus | 2,043 websites |
 Netherlands | 1,878 websites |
 GB | 1,819 websites |
CVE-2023-2584 usage by TLD
| .com | 30,173 websites |
| .com.br | 5,015 websites |
| .pl | 2,294 websites |
| .it | 2,203 websites |
| .nl | 1,873 websites |
| .de | 1,678 websites |
| .com.au | 1,589 websites |
| .co.uk | 1,512 websites |
| .dk | 1,251 websites |
| .es | 1,181 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2023-2584
Top websites that are affected by CVE-2023-2584. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.com | United States | *,*** | |
| *********.com | United States | *,*** | |
| *************.***.au | United States | **,*** | |
| **********.com | United States | **,*** | |
| *****.app |  Bulgaria | **,*** | |
| *******.com | United States | **,*** | |
| **********.jp |  Japan | **,*** | |
| ************.org | United States | **,*** | |
| ***********.org | Germany | **,*** | |
| *****************.**.uk | United States | **,*** |
FAQ
A total of 69,137 websites have been identified as vulnerable to CVE-2023-2584, discovered through global website indexing conducted by WebTechSurvey.
PixelYourSite is susceptible to CVE-2023-2584 vulnerability.
PixelYourSite versions before, and including, 9.6.1 are vulnerable to CVE-2023-2584.
References
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5ebf1e83-50b8-4f56-ba76-10100375edda?source=cve
- https://plugins.trac.wordpress.org/browser/pixelyoursite/trunk/modules/head_footer/head_footer.php?rev=2773949#L73
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2912301%40pixelyoursite%2Ftrunk&old=2897911%40pixelyoursite%2Ftrunk&sfp_email=&sfph_mail=#file2