Yithemes Yith Woocommerce Ajax Search — known CVE vulnerabilities
Every CVE whose affected-product data names Yithemes Yith Woocommerce Ajax Search, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-4455 — CVSS 7.2 (high): The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions…
CVE-2024-7846 — CVSS 5.4 (medium): YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This…
CVE-2019-16251 — CVSS 4.3 (medium): plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.