cbcvebase.

Yithemes Yith Woocommerce Product Add-Ons vulnerabilities

7 known vulnerabilities affecting yithemes/yith_woocommerce_product_add-ons.

Total CVEs
7
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
HIGH3MEDIUM4

Vulnerabilities

Page 1 of 1
CVE-2024-27994P2HIGHCVSS 7.1Exploited≤ 4.5.02024-03-21
CVE-2024-27994 [HIGH] CWE-79 CVE-2024-27994: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.5.0.
nvd
CVE-2023-49777P3HIGHCVSS 8.8≤ 4.3.02023-12-31
CVE-2023-49777 [HIGH] CWE-502 CVE-2023-49777: Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.
nvd
CVE-2024-47367P4HIGHCVSS 7.1≤ 4.13.02024-10-06
CVE-2024-47367 [HIGH] CWE-79 CVE-2024-47367: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.13.0.
nvd
CVE-2023-46635P4MEDIUMCVSS 5.3≤ 4.2.02025-01-02
CVE-2023-46635 [MEDIUM] CWE-862 CVE-2023-46635: Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-pr Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.2.0.
nvd
CVE-2024-35680P4MEDIUMCVSS 5.3fixed in 4.9.3≤ 4.9.22024-06-10
CVE-2024-35680 [MEDIUM] CWE-80 CVE-2024-35680: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHE Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.9.2.
nvd
CVE-2024-50448P4MEDIUMCVSS 6.1fixed in 4.14.2≤ 4.14.12024-10-28
CVE-2024-50448 [MEDIUM] CWE-79 CVE-2024-50448: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.14.1.
nvd
CVE-2019-16251P4MEDIUMCVSS 4.3≤ 1.5.212019-10-31
CVE-2019-16251 [MEDIUM] CVE-2019-16251: plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
nvd
Yithemes Yith Woocommerce Product Add-Ons vulnerabilities | cvebase