Cyber Posture

CVE-2026-7613

High
Microsoft: not affectedMSmacOS: not affectedMacLinux: not affectedLnxMobile: not affectedMobNetwork: not affectedNetApplication: not affectedAppOther: affectedOth

Published: 20 May 2026

Published
20 May 2026
Modified
20 May 2026
KEV Added
Patch
CVSS Score 7.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
EPSS Score N/A
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-7613 is a high-severity Cross-site Scripting (CWE-79) vulnerability in Pixelyoursite (inferred from references). Its CVSS base score is 7.2 (High).

Operationally, it is not currently listed in the CISA KEV catalog.

Threat & Defense Details

Likely Mitigating ControlsAI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

CA-8 Penetration Testing
addresses: CWE-79

Penetration testing submits XSS payloads to web applications, detecting cross-site scripting flaws for subsequent remediation.

SI-10 Information Input Validation
addresses: CWE-79

Validates web inputs to reject script-related content that could produce XSS.

SI-15 Information Output Filtering
addresses: CWE-79

Output validation against expected content can reject or sanitize script content in generated web pages, reducing XSS exploitability.

NVD Description

The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'csvdata[0][cost_of_goods_value]' parameter in versions up to, and including, 1.2.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

more

attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Deeper analysisAI

Automated synthesis unavailable for this CVE.

Details

CWE(s)
CWE-79

Affected Products

Pixelyoursite
inferred from references and description; NVD did not file a CPE for this CVE

References