Vulnerabilities > Yithemes

DATE CVE VULNERABILITY TITLE RISK
2024-10-28 CVE-2024-50448 Cross-site Scripting vulnerability in Yithemes Yith Woocommerce Product Add-Ons
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1.
network
low complexity
yithemes CWE-79
6.1
2024-09-13 CVE-2024-8665 Cross-site Scripting vulnerability in Yithemes Yith Custom Login
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3.
network
low complexity
yithemes CWE-79
6.1
2024-06-10 CVE-2024-35680 Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2.
network
low complexity
yithemes
5.3
2024-06-09 CVE-2024-30470 Unspecified vulnerability in Yithemes Woocommerce Account Funds
Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium.This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0.
network
low complexity
yithemes
8.8
2024-06-08 CVE-2024-35698 Unspecified vulnerability in Yithemes Yith Woocommerce TAB Manager
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0.
network
low complexity
yithemes
4.8
2024-06-08 CVE-2024-35732 Unspecified vulnerability in Yithemes Yith Custom Login 1.7.0
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.
network
low complexity
yithemes
4.8
2023-12-31 CVE-2023-49777 Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons
Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.
network
low complexity
yithemes
8.8
2022-12-06 CVE-2022-45359 Unspecified vulnerability in Yithemes Yith Woocommerce Gift Cards
Unauth.
network
low complexity
yithemes
critical
9.8
2022-03-28 CVE-2022-0818 Unspecified vulnerability in Yithemes Woocommerce Affiliate
The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin.
network
low complexity
yithemes
6.1
2021-09-27 CVE-2021-36841 Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label.
network
low complexity
yithemes CWE-79
5.4