Lucene search
K

17 matches found

EUVD
EUVD
added 2026/04/08 12:31 p.m.7 views

EUVD-2026-20453

WCAPF – WooCommerce Ajax Product Filter plugin is vulnerable to time-based SQL Injection via the 'post-author' parameter in all versions up to, and including, 4.2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...

7.5CVSS5.9AI score0.01473EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 10:35 a.m.8 views

CVE-2024-7846

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...

5.4CVSS6AI score0.00313EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:16 a.m.4 views

CVE-2024-37943

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Ajax Product Filter yith-woocommerce-ajax-navigation.This issue affects YITH WooCommerce Ajax Product Filter: from n/a through = 5.1.0...

5.8CVSS5.9AI score0.00296EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 8:35 a.m.7 views

CVE-2024-47350

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through = 2.8.0...

9.3CVSS5.9AI score0.00404EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:5 a.m.9 views

CVE-2024-4455

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

7.2CVSS6.1AI score0.0101EPSS
Exploits0References1
CVE
CVE
added 2024/10/06 12:55 p.m.62 views

CVE-2024-47350

CVE-2024-47350 is a SQL injection vulnerability in the YITH WooCommerce Ajax Search plugin (versions

9.3CVSS5.9AI score0.00404EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/06 12:55 p.m.28 views

CVE-2024-47350 WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITHEMES YITH WooCommerce Ajax Search yith-woocommerce-ajax-search.This issue affects YITH WooCommerce Ajax Search: from n/a through = 2.8.0...

9.3CVSS0.00404EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/09/30 8:52 a.m.5 views

WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability

SQL Injection vulnerability discovered by Hakiduck Patchstack Alliance in WordPress Plugin YITH WooCommerce Ajax Search versions = 2.8.0...

9.3CVSS8.1AI score0.00404EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/09/23 6:0 a.m.14 views

CVE-2024-7846 YITH WooCommerce Ajax Search < 2.7.1 - Contributor+ Stored XSS

YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts...

6.1AI score0.00313EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/22 12:0 a.m.5 views

PT-2024-38625 · Yith · Yith Woocommerce Ajax Search

Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Ajax Search affected versions not specified Description: The issue is related to insufficient sanitization of user-supplied block attributes, which allows attackers with Contributors+ permissions to inject arbitrary scripts...

5.4CVSS6AI score0.00313EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.10 views

PT-2024-31173

Name of the Vulnerable Software and Affected Versions YITH WooCommerce Ajax Search plugin for WordPress versions up to and including 2.4.0 Description The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing unauthenticated attackers...

7.2CVSS5.6AI score0.0101EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/05/24 12:0 a.m.5 views

WordPress plugin YITH WooCommerce Ajax Search 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

7.2CVSS5.7AI score0.0101EPSS
Exploits0References4
OSV
OSV
added 2023/08/30 4:15 p.m.5 views

CVE-2023-28415

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in XootiX Side Cart Woocommerce Ajax plugin = 2.2 versions...

4.8CVSS5.8AI score0.00433EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.5 views

PT-2023-21703 · WordPress · Xootix Side Cart Woocommerce

Name of the Vulnerable Software and Affected Versions: XootiX Side Cart Woocommerce Ajax plugin versions prior to 2.3 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. Recommendations: For versions prior to 2....

5.9CVSS4.9AI score0.00433EPSS
Exploits1References3
OSV
OSV
added 2023/05/22 10:15 a.m.3 views

CVE-2022-45376

Cross-Site Request Forgery CSRF vulnerability in XootiX Side Cart Woocommerce Ajax 2.1 versions...

8.8CVSS5.8AI score0.00273EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2023/05/22 12:0 a.m.12 views

PT-2023-14661 · Unknown · Xootix Side Cart Woocommerce

Name of the Vulnerable Software and Affected Versions: XootiX Side Cart Woocommerce Ajax versions prior to 2.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on ...

8.8CVSS8.5AI score0.00273EPSS
Exploits1References4
Patchstack
Patchstack
added 2019/10/31 12:0 a.m.14 views

WordPress YITH WooCommerce Ajax Search <=1.7.0 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability

Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Ajax Search versions =1.7.0. Solution Update the WordPress YITH WooCommerce Ajax Search to the latest available version at least 1.7.1...

4.3CVSS3.1AI score0.00948EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder