Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

YITHEMES — Vulnerabilities & Security Advisories 25

Browse all 25 CVE security advisories affecting YITHEMES. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Top products by YITHEMES:YITH WooCommerce Product Add-OnsYITH WooCommerce WishlistYITH WooCommerce CompareYITH WooCommerce Ajax SearchYITH Custom LoginYITH WooCommerce Gift CardsYITH WooCommerce Tab ManagerYITH Essential Kit for WooCommerce #1YITH WooCommerce Ajax Product FilterYITH WooCommerce Waiting ListYITH PayPal Express Checkout for WooCommerceYITH WooCommerce PopupYITH WooCommerce Quick ViewYITH Slider for page buildersYITH WooCommerce Request A Quote
CVE IDTitleCVSSSeverityPublished
CVE-2026-22333 WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability — YITH WooCommerce CompareCWE-502 9.8AICriticalAI2026-02-19
CVE-2026-24366 WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability — YITH WooCommerce Request A QuoteCWE-862 5.3 Medium2026-01-22
CVE-2025-68581 WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability — YITH Slider for page buildersCWE-862 5.4 Medium2025-12-24
CVE-2025-8617 YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode — YITH WooCommerce Quick ViewCWE-79 6.4 Medium2025-12-13
CVE-2025-12427 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename — YITH WooCommerce WishlistCWE-639 5.3 Medium2025-11-19
CVE-2025-12777 YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion — YITH WooCommerce WishlistCWE-285 5.3 Medium2025-11-19
CVE-2025-54675 WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability — YITH WooCommerce PopupCWE-352 4.3 Medium2025-08-14
CVE-2025-48111 WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability — YITH PayPal Express Checkout for WooCommerceCWE-352 4.3 Medium2025-06-17
CVE-2025-5238 YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — YITH WooCommerce WishlistCWE-79 6.4 Medium2025-06-14
CVE-2023-46635 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability — YITH WooCommerce Product Add-OnsCWE-862 8.2 -2025-01-02
CVE-2023-36506 WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability — YITH WooCommerce Waiting ListCWE-862 5.3 Medium2024-12-13
CVE-2024-50448 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Product Add-OnsCWE-79 7.1 High2024-10-28
CVE-2024-47350 WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability — YITH WooCommerce Ajax SearchCWE-89 9.3 Critical2024-10-06
CVE-2024-47367 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Product Add-OnsCWE-79 7.1 High2024-10-06
CVE-2024-8665 YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting — YITH Custom LoginCWE-79 6.1 Medium2024-09-13
CVE-2024-37943 WordPress YITH WooCommerce Ajax Product Filter plugin <= 5.1.0 - Reflected Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Ajax Product FilterCWE-79 5.8 Medium2024-07-20
CVE-2024-6799 YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation — YITH Essential Kit for WooCommerce #1CWE-862 4.3 Medium2024-07-19
CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability — YITH WooCommerce Product Add-OnsCWE-80 5.3 Medium2024-06-10
CVE-2024-35698 WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Tab ManagerCWE-79 5.9 Medium2024-06-08
CVE-2024-35732 WordPress YITH Custom Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability — YITH Custom LoginCWE-79 5.9 Medium2024-06-08
CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability — YITH WooCommerce WishlistCWE-79 5.9 Medium2024-06-03
CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting — YITH WooCommerce Ajax SearchCWE-79 7.2 High2024-05-24
CVE-2024-0870 YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update — YITH WooCommerce Gift CardsCWE-285 5.3 Medium2024-05-14
CVE-2024-32699 WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability — YITH WooCommerce CompareCWE-352 4.3 Medium2024-04-24
CVE-2024-27994 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Product Add-OnsCWE-79 7.1 High2024-03-21

This page lists every published CVE security advisory associated with YITHEMES. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.