Vulnerabilities > Yithemes > Yith Woocommerce Ajax Search > 1.3.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-24 | CVE-2024-4455 | Cross-site Scripting vulnerability in Yithemes Yith Woocommerce Ajax Search The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. | 6.1 |
| 2019-10-31 | CVE-2019-16251 | Unspecified vulnerability in Yithemes products plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. | 4.3 |