CVE-2026-32567
- EPSS 0.05%
- Veröffentlicht 25.03.2026 16:15:12
- Zuletzt bearbeitet 30.03.2026 13:26:50
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0.
CVE-2024-9378
- EPSS 1.26%
- Veröffentlicht 02.10.2024 09:15:04
- Zuletzt bearbeitet 07.10.2024 20:15:08
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.7.2 due to insufficient input sanitization and output escaping. This makes it possible for...
CVE-2024-1365
- EPSS 1.27%
- Veröffentlicht 13.03.2024 16:15:20
- Zuletzt bearbeitet 08.04.2026 19:20:38
The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible f...
CVE-2023-30473
- EPSS 0.08%
- Veröffentlicht 16.08.2023 10:15:18
- Zuletzt bearbeitet 21.11.2024 08:00:15
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Maxim Glazunov YML for Yandex Market plugin <= 3.10.7 versions.