Skip to main content

Yith Woocommerce Ajax Search

3 CVEs product

Monthly

CVE-2024-7846 MEDIUM POC This Month

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yith Woocommerce Ajax Search
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-4455 HIGH POC PATCH This Week

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Yith Woocommerce Ajax Search
NVD
CVSS 3.1
7.2
EPSS
8.2%
CVE-2019-16251 MEDIUM This Month

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure Yith Woocommerce Wishlist Yith Woocommerce Compare +36
NVD
CVSS 3.1
4.3
EPSS
0.9%
EPSS 0% CVSS 5.4
MEDIUM POC This Month

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Yith Woocommerce Ajax Search
NVD WPScan
EPSS 8% CVSS 7.2
HIGH POC PATCH This Week

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS WordPress Yith Woocommerce Ajax Search
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP WordPress Information Disclosure +38
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy