Vulnerabilities > Yithemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-28 | CVE-2024-50448 | Cross-site Scripting vulnerability in Yithemes Yith Woocommerce Product Add-Ons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1. | 6.1 |
2024-09-13 | CVE-2024-8665 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. | 6.1 |
2024-06-10 | CVE-2024-35680 | Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 5.3 |
2024-06-09 | CVE-2024-30470 | Unspecified vulnerability in Yithemes Woocommerce Account Funds Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | 8.8 |
2024-06-08 | CVE-2024-35698 | Unspecified vulnerability in Yithemes Yith Woocommerce TAB Manager Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0. | 4.8 |
2024-06-08 | CVE-2024-35732 | Unspecified vulnerability in Yithemes Yith Custom Login 1.7.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0. | 4.8 |
2023-12-31 | CVE-2023-49777 | Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. | 8.8 |
2022-12-06 | CVE-2022-45359 | Unspecified vulnerability in Yithemes Yith Woocommerce Gift Cards Unauth. | 9.8 |
2022-03-28 | CVE-2022-0818 | Unspecified vulnerability in Yithemes Woocommerce Affiliate The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | 6.1 |
2021-09-27 | CVE-2021-36841 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. | 5.4 |