Vulnerabilities > Yithemes

DATE CVE VULNERABILITY TITLE RISK
2021-09-27 CVE-2021-36845 Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode
Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8.
network
low complexity
yithemes CWE-79
4.8
2021-02-22 CVE-2021-3120 Unrestricted Upload of File with Dangerous Type vulnerability in Yithemes Yith Woocommerce Gift Cards
An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows remote attackers to achieve remote code execution on the operating system in the security context of the web server.
network
low complexity
yithemes CWE-434
critical
9.8
2019-10-31 CVE-2019-16251 Unspecified vulnerability in Yithemes products
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
network
low complexity
yithemes
4.3
2019-09-26 CVE-2015-9429 Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode
The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter.
network
low complexity
yithemes CWE-352
6.5