Yith Woocommerce Quick View
by WordPress
Source repositories
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-8617 | Med | 0.42 | 6.4 | 0.00 | Dec 13, 2025 | The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yith_quick_view shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This… | ||
| CVE-2025-12584 | Med | 0.34 | 5.3 | 0.00 | Nov 27, 2025 | The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for… | ||
| CVE-2025-24705 | Med | 0.34 | 5.3 | 0.00 | Jan 24, 2025 | Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through <= 1.1.1. |
- risk 0.42cvss 6.4epss 0.00
The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yith_quick_view shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This…
- risk 0.34cvss 5.3epss 0.00
The Quick View for WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.17 via the 'wqv_popup_content' AJAX endpoint due to insufficient restrictions on which products can be included. This makes it possible for…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Arshid WooCommerce Quick View woo-quick-view allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Quick View: from n/a through <= 1.1.1.