Yith Woocommerce Ajax Search

yith_woocommerce_ajax_search

Vendor: Yithemes • 3 CVEs

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-7846 1Yithemes 1Yith Woocommerce Ajax Search May 16, 2025 Sep 23, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.
CVE-2024-4455 1Yithemes 1Yith Woocommerce Ajax Search Apr 8, 2026 May 24, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escapi...Show more The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2019-16251 1Yithemes 38Yith Advanced Refund System For Woocommerce Yith Color And Label Variations For WoocommerceYith Custom Thank You Page For Woocommerce+35 more Jun 17, 2026 Oct 31, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.