VYPR
Vendor

Yithemes

Products
10
CVEs
26
Across products
26
Status
Private

Products

10

Recent CVEs

26
View all 26 CVEs →
  • CVE-2024-47350CriOct 6, 2024
    risk 0.60cvss 9.3epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through <= 2.8.0.

  • CVE-2023-49777CriDec 31, 2023
    risk 0.59cvss 9.1epss 0.01

    Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.

  • CVE-2023-32795HigDec 28, 2023
    risk 0.53cvss 8.2epss 0.01

    Deserialization of Untrusted Data vulnerability in WooCommerce Product Add-Ons.This issue affects Product Add-Ons: from n/a through 6.1.3.

  • CVE-2026-42383HigMay 20, 2026
    risk 0.49cvss 7.6epss 0.00

    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0.

  • CVE-2026-22333HigFeb 19, 2026
    risk 0.47cvss 7.2epss 0.00

    Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <= 3.6.0.

  • CVE-2024-50448HigOct 28, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.14.1.

  • CVE-2024-47367HigOct 6, 2024
    risk 0.46cvss 7.1epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.13.0.

  • CVE-2024-11423HigJan 8, 2025
    risk 0.43cvss 7.5epss 0.01

    The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized…

  • CVE-2022-44633MedApr 11, 2024
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in YITH YITH WooCommerce Gift Cards Premium.This issue affects YITH WooCommerce Gift Cards Premium: from n/a through 3.23.1.

  • CVE-2024-4455HigMay 24, 2024
    risk 0.40cvss 7.2epss 0.01

    The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated…

  • CVE-2024-37943MedJul 20, 2024
    risk 0.38cvss 5.8epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Ajax Product Filter yith-woocommerce-ajax-navigation.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through <= 5.1.0.

  • CVE-2024-35698MedJun 8, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommerce Tab Manager yith-woocommerce-tab-manager.This issue affects YITH WooCommerce Tab Manager: from n/a through <= 1.35.0.

  • CVE-2024-35732MedJun 8, 2024
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH Custom Login yith-custom-login.This issue affects YITH Custom Login: from n/a through <= 1.7.0.

  • CVE-2023-32794MedNov 9, 2023
    risk 0.35cvss 5.4epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce Product Add-Ons plugin <= 6.1.3 versions.

  • CVE-2023-46635MedJan 2, 2025
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.2.0.

  • CVE-2024-35680MedJun 10, 2024
    risk 0.34cvss 5.3epss 0.00

    Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through <= 4.9.2.

  • CVE-2025-54675MedAug 14, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH WooCommerce Popup yith-woocommerce-popup allows Cross Site Request Forgery.This issue affects YITH WooCommerce Popup: from n/a through <= 1.48.0.

  • CVE-2025-48111MedJun 17, 2025
    risk 0.28cvss 4.3epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.

  • CVE-2024-0870MedMay 14, 2024
    risk 0.27cvss 5.3epss 0.01

    The YITH WooCommerce Gift Cards plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_mail_status' and 'save_email_settings' functions in all versions up to, and including, 4.12.0. This makes it possible for…

  • CVE-2024-7846Sep 23, 2024
    risk 0.00cvss epss 0.00

    YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.