Known Vulnerabilities for products from YITHEMES
Listed below are 12 of the newest known vulnerabilities associated with the vendor "YITHEMES".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-24366 json | Not Provided | 2026-01-22 | 2026-04-23 | |
| CVE-2025-68581 json | Not Provided | 2025-12-24 | 2026-04-23 | |
| CVE-2025-54675 json | Not Provided | 2025-08-14 | 2026-04-23 | |
| CVE-2024-50448 json | Not Provided | 2024-10-28 | 2026-04-23 | |
| CVE-2024-47367 json | Not Provided | 2024-10-06 | 2026-04-23 | |
| CVE-2024-47350 json | Not Provided | 2024-10-06 | 2026-04-23 | |
| CVE-2024-37943 json | Not Provided | 2024-07-20 | 2026-04-23 | |
| CVE-2024-35732 json | Not Provided | 2024-06-08 | 2026-04-23 | |
| CVE-2024-35698 json | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITHEMES YITH WooCommer... | Not Provided | 2024-06-08 | 2026-04-23 |
| CVE-2024-35680 json | Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in YITHEMES YITH WooCommerce Prod... | Not Provided | 2024-06-10 | 2026-04-23 |
| CVE-2024-4455 json | The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ paramet... | Not Provided | 2024-05-24 | 2026-04-08 |
| CVE-2022-45359 json | Unauth. Arbitrary File Upload vulnerability in YITH WooCommerce Gift Cards premium plugin <= 3.19.0 on WordPress. | 9.8 - CRITICAL | 2022-12-06 | 2023-11-07 |
| CVE-2022-0818 json | The WooCommerce Affiliate Plugin WordPress plugin before 4.16.4.5 does not have authorization and CSRF checks on a specific a... | 6.1 - MEDIUM | 2022-03-28 | 2022-04-04 |
| CVE-2021-36845 json | Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities in YITH Maintenance Mode (WordPress plugin) versions... | 4.8 - MEDIUM | 2021-09-27 | 2021-10-12 |
| CVE-2021-36841 json | Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, ... | 5.4 - MEDIUM | 2021-09-27 | 2021-09-30 |
| CVE-2021-3120 json | An arbitrary file upload vulnerability in the YITH WooCommerce Gift Cards Premium plugin before 3.3.1 for WordPress allows re... | 9.8 - CRITICAL | 2021-02-22 | 2023-02-01 |
| CVE-2019-16251 json | plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options ch... | 4.3 - MEDIUM | 2019-10-31 | 2020-08-24 |
| CVE-2015-9429 json | The yith-maintenance-mode plugin before 1.2.0 for WordPress has CSRF with resultant XSS via the wp-admin/themes.php?page=yith... | 6.5 - MEDIUM | 2019-09-26 | 2019-09-26 |