plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.
4.3CVSS
4.4AI Score
0.001EPSS
Deserialization of Untrusted Data vulnerability in YITH YITH WooCommerce Product Add-Ons.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.3.0.
9.1CVSS
8.7AI Score
0.001EPSS
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.9.2.
5.3CVSS
5.4AI Score
0.0005EPSS