CVE-2024-47350
- EPSS 0.29%
- Published 06.10.2024 13:15:16
- Last modified 07.10.2024 17:47:48
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Ajax Search allows SQL Injection.This issue affects YITH WooCommerce Ajax Search: from n/a through 2.8.0.
CVE-2024-7846
- EPSS 0.07%
- Published 23.09.2024 06:15:04
- Last modified 16.05.2025 20:11:50
YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.
CVE-2024-4455
- EPSS 1.73%
- Published 24.05.2024 11:15:09
- Last modified 04.04.2025 23:49:13
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2019-16251
- EPSS 0.51%
- Published 31.10.2019 17:15:10
- Last modified 21.11.2024 04:30:23
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.