VYPR

Yith Woocommerce Ajax Search

by Yithemes

CVEs (3)

  • CVE-2024-47350CriOct 6, 2024
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through <= 2.8.0.

  • CVE-2024-4455HigMay 24, 2024
    risk 0.40cvss 7.2epss 0.01

    The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-7846Sep 23, 2024
    risk 0.00cvss epss 0.00

    YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.