Show filters
26 Total Results
Displaying 11-20 of 26
Sort by:
Attacker Value
Unknown

CVE-2024-35698

Disclosure Date: June 08, 2024 (last updated August 30, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-35732

Disclosure Date: June 08, 2024 (last updated July 19, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH Custom Login allows Stored XSS.This issue affects YITH Custom Login: from n/a through 1.7.0.
Attack Vector: NetworkPrivileges: HighUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2024-34385

Disclosure Date: June 03, 2024 (last updated June 04, 2024)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through 3.32.0.
0
0
Attacker Value
Unknown

CVE-2024-4455

Disclosure Date: May 24, 2024 (last updated January 05, 2025)
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
0
0
Attacker Value
Unknown

CVE-2024-0870

Disclosure Date: May 14, 2024 (last updated January 05, 2025)
The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for unauthenticated attackers to modify WooCommerce settings.
0
0
Attacker Value
Unknown

CVE-2024-32699

Disclosure Date: April 24, 2024 (last updated April 25, 2024)
Cross-Site Request Forgery (CSRF) vulnerability in YITH YITH WooCommerce Compare.This issue affects YITH WooCommerce Compare: from n/a through 2.37.0.
0
0
Attacker Value
Unknown

CVE-2022-44633

Disclosure Date: April 11, 2024 (last updated April 11, 2024)
Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.
0
0
Attacker Value
Unknown

CVE-2024-27994

Disclosure Date: March 21, 2024 (last updated April 02, 2024)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.
0
0
Attacker Value
Unknown

CVE-2023-49777

Disclosure Date: December 31, 2023 (last updated January 09, 2024)
Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2022-45359

Disclosure Date: December 06, 2022 (last updated November 08, 2023)
Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
View More Topics  < Previous  Next >