20 matches found
EUVD-2024-25168
Malicious code in bioql PyPI...
CVE-2024-35680
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...
CVE-2023-46635 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.2.0...
CVE-2024-50448 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.14.1...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.14.1 is vulnerable to Cross Site Scripting (XSS)
Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.14.1 Fixed in 4.14.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-50448 Patch priority Medium CVSS severity Medium 7.1 Developer YITH PSID c89cdca7b8b3 Credits Le Ngoc Anh Required...
CVE-2024-47367
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.13.0...
CVE-2024-47367
CVE-2024-47367 affects YITH WooCommerce Product Add-Ons (versions
CVE-2024-47367 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons allows Reflected XSS.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.13.0...
CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page Basic XSS vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.9.2...
WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability
Content Injection vulnerability discovered by Savphill Patchstack Alliance in WordPress Plugin YITH WooCommerce Product Add-Ons versions = 4.9.2...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.9.2 is vulnerable to Content Injection
Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.9.2 Fixed in 4.9.3 OWASP Top 10 A3: Injection Classification Content Injection CVE CVE-2024-35680 Patch priority Low CVSS severity Low 5.3 Developer YITH PSID b074b61667f8 Credits savphill Required privilege...
CVE-2024-27994
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in YITHEMES YITH WooCommerce Product Add-Ons yith-woocommerce-product-add-ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through = 4.5.0...
PT-2023-24028 · WordPress · Woocommerce Product Add-Ons
Name of the Vulnerable Software and Affected Versions: WooCommerce Product Add-Ons plugin versions = 6.1.3 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a we...
WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.2.0 is vulnerable to Broken Access Control
Software YITH WooCommerce Product Add-Ons Type Plugin Vulnerable versions = 4.2.0 Fixed in 4.2.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-46635 Patch priority Medium CVSS severity Medium 5.3 Developer YITH PSID e6f126f82710 Credits Elliot Required...
WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to PHP Object Injection
Software WooCommerce Product Add-ons Type Plugin Vulnerable versions = 6.1.3 Fixed in 6.2.0 OWASP Top 10 A1: Injection Classification PHP Object Injection CVE CVE-2023-32795 Patch priority Medium CVSS severity Medium 8.2 Developer Claim ownership PSID 8de26d9f8493 Credits Rafie Muhammad Patchstac...
WordPress WooCommerce Product Add-ons Plugin <= 6.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software WooCommerce Product Add-ons Type Plugin Vulnerable versions = 6.1.3 Fixed in 6.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-32794 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID dbc7cb0b3b07 Credits Rafie...
YITH WooCommerce Product Add-Ons < 2.1.0 - Authenticated Local File Inclusion
The plugin does not validate user input before using it to generate a local path passed to include, which could lead to a Local File Inclusion issue on Windows Web Servers PoC https://example.com/wp-admin/admin.php?page=yithwapopanel=blocksid=1id=1type=html%2F..%2Fhello...
YITH WooCommerce Product Add-Ons < 2.1.0 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in the edit addon page in the admin dashboard, leading to Reflected Cross-Site Scripting issues v alert/XSS-id/&addontype=html"alert/XSS-type/ v 2.1.0...
YITH WooCommerce Product Add-Ons < 2.1.0 - Reflected Cross-Site Scripting
The plugin does not escape some parameters before outputting them back in the edit addon page in the admin dashboard, leading to Reflected Cross-Site Scripting issues PoC v type=html" v 2.1.0 https://example.com/wp-admin/admin.php?page=yithwapopanel=blocksid=1id=1type=html" accesskey=X...
WordPress YITH WooCommerce Product Add-Ons plugin <=1.5.21 - Authenticated Settings Change (YITH Plugin Framework <=3.3.8) vulnerability
Authenticated Settings Change YITH Plugin Framework =3.3.8 vulnerability found by Jerome Bruandet in WordPress YITH WooCommerce Product Add-Ons plugin versions =1.5.21. Solution Update the WordPress YITH WooCommerce Product Add-Ons plugin to the latest available version at least 1.5.23...