Vulnerabilities > Yithemes > Yith Custom Login > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-13 | CVE-2024-8665 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login The YITH Custom Login plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.3. | 6.1 |
| 2024-06-08 | CVE-2024-35732 | Cross-site Scripting vulnerability in Yithemes Yith Custom Login Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0. | 4.8 |