Vulnerabilities > Yithemes > Yith Custom Login

DATE CVE VULNERABILITY TITLE RISK
2024-09-13 CVE-2024-8665 Cross-site Scripting vulnerability in Yithemes Yith Custom Login
The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3.
network
low complexity
yithemes CWE-79
6.1
2024-06-08 CVE-2024-35732 Cross-site Scripting vulnerability in Yithemes Yith Custom Login
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.
network
low complexity
yithemes CWE-79
4.8