Vulnerabilities > Yithemes
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-28 | CVE-2024-50448 | Cross-site Scripting vulnerability in Yithemes Yith Woocommerce Product Add-Ons. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1. | 6.1 |
2024-09-13 | CVE-2024-8665 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login. The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. | 6.1 |
2024-07-19 | CVE-2024-6799 | Missing Authorization vulnerability in Yithemes Yith Essential KIT for Woocommerce. The YITH Essential Kit for WooCommerce #1 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'activate_module', 'deactivate_module', and 'install_module' functions in all versions up to, and including, 2.34.0. | 4.3 |
2024-06-10 | CVE-2024-35680 | Injection vulnerability in Yithemes Yith Woocommerce Product Add-Ons. Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 5.3 |
2024-06-09 | CVE-2024-30470 | Missing Authorization vulnerability in Yithemes Woocommerce Account Funds. Missing Authorization vulnerability in YITH YITH WooCommerce Account Funds Premium. This issue affects YITH WooCommerce Account Funds Premium: from n/a through 1.33.0. | 8.8 |
2024-06-08 | CVE-2024-35698 | Cross-site Scripting vulnerability in Yithemes Yith Woocommerce TAB Manager. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS. This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0. | 4.8 |
2024-06-08 | CVE-2024-35732 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login 1.7.0. Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS. This issue affects YITH Custom Login: from n/a through 1.7.0. | 4.8 |
2023-12-31 | CVE-2023-49777 | Deserialization of Untrusted Data vulnerability in Yithemes Yith Woocommerce Product Add-Ons. Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. | 8.8 |
2022-12-06 | CVE-2022-45359 | Unrestricted Upload of File with Dangerous Type vulnerability in Yithemes Yith Woocommerce Gift Cards. Unauth. | 9.8 |
2022-03-28 | CVE-2022-0818 | Cross-site Scripting vulnerability in Yithemes Woocommerce Affiliate. The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | 6.1 |