EUVD-2024-25168

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Improper neutralization of input in YITH WooCommerce Product Add-Ons allows reflected XSS vulnerability

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2024-27994	19 Feb 202521:02	–	circl
CNNVD	WordPress Plugin YITH WooCommerce Product Add-Ons 跨站脚本漏洞	21 Mar 202400:00	–	cnnvd
CVE	CVE-2024-27994	21 Mar 202415:03	–	cve
Cvelist	CVE-2024-27994 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability	21 Mar 202415:03	–	cvelist
NVD	CVE-2024-27994	21 Mar 202415:16	–	nvd
Patchstack	WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.5.0 is vulnerable to Cross Site Scripting (XSS)	15 Mar 202400:00	–	patchstack
Positive Technologies	PT-2024-22192 · Yith · Yith Woocommerce Product Add-Ons	21 Mar 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-27994	5 Feb 202503:56	–	redhatcve
VulnCheck KEV	VulnCheck KEV: CVE-2024-27994	15 Mar 202400:00	–	vulncheck_kev
Vulnrichment	CVE-2024-27994 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability	21 Mar 202415:03	–	vulnrichment

[
  {
    "enisaIdVendor": [
      {
        "id": "2d4f2b28-653c-302e-a65a-7522a18a52b0",
        "vendor": {
          "name": "YITH"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "b40b57a9-8c1d-3fff-a0b3-9da4df2f8499",
        "product": {
          "name": "YITH WooCommerce Product Add-Ons"
        },
        "product_version": "n/a ≤4.5.0"
      },
      {
        "id": "fba64d5b-c799-3322-a5a0-5db1505002a9",
        "product": {
          "name": "YITH WooCommerce Product Add-Ons"
        }
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-5-0-cross-site-scripting-xss-vulnerability

03 Oct 2025 20:07Current

8.5High risk

Vulners AI Score8.5

CVSS 3.17.1

EPSS0.00346

SSVC