Vulnerabilities > Yithemes
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-31 | CVE-2023-49777 | Deserialization of Untrusted Data vulnerability in Yithemes Yith Woocommerce Product Add-Ons Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0. | 8.8 |
| 2022-12-06 | CVE-2022-45359 | Unrestricted Upload of File with Dangerous Type vulnerability in Yithemes Yith Woocommerce Gift Cards Unauth. | 9.8 |
| 2022-03-28 | CVE-2022-0818 | Cross-site Scripting vulnerability in Yithemes Woocommerce Affiliate The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | 4.3 |
| 2021-09-27 | CVE-2021-36841 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. | 3.5 |
| 2021-09-27 | CVE-2021-36845 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. | 3.5 |
| 2021-02-22 | CVE-2021-3120 | Unrestricted Upload of File with Dangerous Type vulnerability in Yithemes Yith Woocommerce Gift Cards An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server. | 9.8 |
| 2019-10-31 | CVE-2019-16251 | Unspecified vulnerability in Yithemes products plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | 4.0 |
| 2019-09-26 | CVE-2015-9429 | Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 4.3 |