Vulnerabilities > Yithemes > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-28 | CVE-2024-50448 | Cross-site Scripting vulnerability in Yithemes Yith Woocommerce Product Add-Ons Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.14.1. | 6.1 |
| 2024-09-13 | CVE-2024-8665 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. | 6.1 |
| 2024-06-10 | CVE-2024-35680 | Unspecified vulnerability in Yithemes Yith Woocommerce Product Add-Ons Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2. | 5.3 |
| 2024-06-08 | CVE-2024-35698 | Unspecified vulnerability in Yithemes Yith Woocommerce TAB Manager Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0. | 4.8 |
| 2024-06-08 | CVE-2024-35732 | Unspecified vulnerability in Yithemes Yith Custom Login 1.7.0 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0. | 4.8 |
| 2022-03-28 | CVE-2022-0818 | Unspecified vulnerability in Yithemes Woocommerce Affiliate The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific action handler, as well as does not sanitize its settings, which enables an unauthenticated attacker to inject malicious XSS payloads into the settings page of the plugin. | 6.1 |
| 2021-09-27 | CVE-2021-36841 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. | 5.4 |
| 2021-09-27 | CVE-2021-36845 | Cross-site Scripting vulnerability in Yithemes Yith Maintenance Mode Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.8, there are 46 vulnerable parameters that were missed by the vendor while patching the 1.3.7 version to 1.3.8. | 4.8 |
| 2019-10-31 | CVE-2019-16251 | Unspecified vulnerability in Yithemes products plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | 4.3 |
| 2019-09-26 | CVE-2015-9429 | Cross-Site Request Forgery (CSRF) vulnerability in Yithemes Yith Maintenance Mode The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith-maintenance-mode panel_page parameter. | 6.5 |