CVE Search Engine - Security Vulnerabilities and Exploits Search Tool | Vulners.com

🔥 Daily Hot!

💪🏽 CPE Enhanced Advisories

🕶 Shadow Exploits

🕵🏼 Vulners CPE

🔐 Security news

💻 Exploit updates

📑 Blogs review

🐧 Linux vulnerabilities

🤖 AI High Score

show all

225 matches found

Nuclei•added 11 hours ago•8 views

YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting

The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'queryString' parameter in the REST API endpoint /ywcas/v1/register in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. id: CVE-2024-4455 info...

7.2CVSS5.8AI score0.0101EPSS

Exploits0References3

Cvelist•added 2026/06/11 9:50 a.m.•26 views

CVE-2022-44630 WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)

Cross-Site request forgery CSRF vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0...

4.6CVSS0.00162EPSS

Exploits0References1

Vulnrichment•added 2026/06/11 9:50 a.m.•7 views

CVE-2022-44630 WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)

Cross-Site request forgery CSRF vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0...

4.6CVSS5.4AI score0.00162EPSS

Exploits0References1

Positive Technologies•added 2026/06/11 12:0 a.m.•10 views

PT-2026-48634

Cross-Site request forgery CSRF vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0...

4.6CVSS5.4AI score0.00162EPSS

Exploits0References2

RedhatCVE•added 2026/06/05 7:33 p.m.•8 views

CVE-2026-27329

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.4AI score0.00248EPSS

Exploits0References1

NVD•added 2026/05/20 1:16 p.m.•7 views

CVE-2026-42383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

7.6CVSS0.00289EPSS

Exploits0References1

CVE•added 2026/05/20 12:55 p.m.•10 views

CVE-2026-42383

The CVE-2026-42383 entry concerns the WordPress plugin “YITH WooCommerce Product Add-Ons” (affected versions: n/a through 4.29.0). The issue is described as an improper neutralization of special elements in SQL commands, i.e., a SQL Injection vulnerability that can enable blind SQL injection. Rel...

7.6CVSS5.8AI score0.00289EPSS

Exploits0References1

Cvelist•added 2026/05/20 12:55 p.m.•31 views

CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

7.6CVSS0.00289EPSS

Exploits0References1

ATTACKERKB•added 2026/05/20 12:55 p.m.•6 views

CVE-2026-42383

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

7.6CVSS5.8AI score0.00289EPSS

Exploits0References2

Vulnrichment•added 2026/05/20 12:55 p.m.•9 views

CVE-2026-42383 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.29.0 - SQL Injection vulnerability

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0...

7.6CVSS5.8AI score0.00289EPSS

Exploits0References1

CVE•added 2026/05/07 7:35 a.m.•12 views

CVE-2026-27329

The CVE concerns WordPress YITH WooCommerce Wishlist plugin (versions

5.3CVSS5.8AI score0.00248EPSS

Exploits0References1

Vulnrichment•added 2026/05/07 7:35 a.m.•5 views

CVE-2026-27329 WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.8AI score0.00248EPSS

Exploits0References1

ATTACKERKB•added 2026/05/07 7:35 a.m.•2 views

CVE-2026-27329

Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0...

5.3CVSS5.8AI score0.00248EPSS

Exploits0References2

CNNVD•added 2026/05/07 12:0 a.m.•5 views

WordPress plugin YITH WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

5.3CVSS5.8AI score0.00248EPSS

Exploits0References1

Positive Technologies•added 2026/05/07 12:0 a.m.•10 views

PT-2026-38357

Name of the Vulnerable Software and Affected Versions YITH WooCommerce Wishlist versions prior to 4.12.0 Description An authorization bypass exists due to a user-controlled key, which allows for the exploitation of incorrectly configured access control security levels. Recommendations Update to a...

5.3CVSS5.8AI score0.00248EPSS

Exploits0References5

CNNVD•added 2026/04/10 12:0 a.m.•3 views

WordPress plugin YITH WooCommerce Wishlist 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

6.5CVSS5.9AI score0.00226EPSS

Exploits0References1

RedhatCVE•added 2026/02/20 1:26 p.m.•4 views

CVE-2026-22333

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...

7.2CVSS5.5AI score0.00469EPSS

Exploits0References1

NVD•added 2026/02/19 9:16 a.m.•4 views

CVE-2026-22333

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...

7.2CVSS0.00469EPSS

Exploits0References1

CVE•added 2026/02/19 8:26 a.m.•11 views

CVE-2026-22333

CVE-2026-22333 affects the WordPress plugin YITH WooCommerce Compare (YITH WooCommerce Compare, versions from unknown start through

7.2CVSS5.5AI score0.00469EPSS

Exploits0References1

Cvelist•added 2026/02/19 8:26 a.m.•30 views

CVE-2026-22333 WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through = 3.6.0...

7.2CVSS0.00469EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by