Vulnerabilites related to yithemes - YITH WooCommerce Ajax Search
var-201910-0661
Vulnerability from variot
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201910-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "yith woocommerce zoom magnifier",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith desktop notifications for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.7"
},
{
"model": "yith woocommerce mailchimp",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.1.3"
},
{
"model": "yith woocommerce advanced reviews",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce pdf invoice and shipping list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.12"
},
{
"model": "yith product size charts for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.1"
},
{
"model": "yith color and label variations for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.8.11"
},
{
"model": "yith woocommerce authorize.net payment gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.12"
},
{
"model": "yith woocommerce recover abandoned cart",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.2"
},
{
"model": "yith paypal express checkout for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.5"
},
{
"model": "yith woocommerce questions and answers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith woocommerce badge management",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.19"
},
{
"model": "yith woocommerce points and rewards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce bulk product editing",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.13"
},
{
"model": "yith pre-order for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.9"
},
{
"model": "yith advanced refund system for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.0.10"
},
{
"model": "yith woocommerce ajax search",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.9"
},
{
"model": "yith woocommerce waiting list",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.9"
},
{
"model": "yith woocommerce subscription",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce cart messages",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.3"
},
{
"model": "yith woocommerce stripe",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.0.1"
},
{
"model": "yith custom thank you page for woocommerce",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.6"
},
{
"model": "yith woocommerce affiliates",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.6.3"
},
{
"model": "yith woocommerce multi vendor",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "3.4.0"
},
{
"model": "yith woocommerce added to cart popup",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.11"
},
{
"model": "yith woocommerce order tracking",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce product add-ons",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.5.21"
},
{
"model": "yith woocommerce brands add-on",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.6"
},
{
"model": "yith woocommerce wishlist",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.2.13"
},
{
"model": "yith woocommerce gift cards",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.7"
},
{
"model": "yith woocommerce frequently bought together",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.2.10"
},
{
"model": "yith woocommerce quick view",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.13"
},
{
"model": "yith woocommerce compare",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "2.3.13"
},
{
"model": "yith woocommerce request a quote",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.4.7"
},
{
"model": "yith woocommerce social login",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.3.4"
},
{
"model": "yith woocommerce multi-step checkout",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.7.4"
},
{
"model": "yith woocommerce product bundles",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.15"
},
{
"model": "yith woocommerce best sellers",
"scope": "lte",
"trust": 1.0,
"vendor": "yithemes",
"version": "1.1.11"
},
{
"model": "yith-woocommerce-ajax-search",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-badges-management",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-brands-add-on",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-compare",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-order-tracking",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-quick-view",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-request-a-quote",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-social-login",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-wishlist",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
},
{
"model": "yith-woocommerce-zoom-magnifier",
"scope": null,
"trust": 0.8,
"vendor": "yithemes",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_ajax_search",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_badge_management",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_brands_add-on",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_compare",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_order_tracking",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_quick_view",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_request_a_quote",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_social_login",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_wishlist",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/a:yithemes:yith_woocommerce_zoom_magnifier",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"cve": "CVE-2019-16251",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "CVE-2019-16251",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.0,
"id": "VHN-148379",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:S/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2019-16251",
"impactScore": 1.4,
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 4.3,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2019-16251",
"impactScore": null,
"integrityImpact": "Low",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2019-16251",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2019-16251",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-148379",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes. WordPress is a blogging platform developed by the WordPress Foundation using PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. An attacker could exploit this vulnerability to modify the options of a plugin",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
}
],
"trust": 1.8
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-16251",
"trust": 2.6
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-148379",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2019-16251",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"id": "VAR-201910-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:04:37.006000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://yithemes.com/"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "CWE-269",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.6,
"url": "https://wpvulndb.com/vulnerabilities/9932"
},
{
"trust": 1.8,
"url": "https://blog.nintechnet.com/authenticated-settings-change-vulnerability-in-yit-plugin-framework/"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-16251"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-16251"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-148379"
},
{
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-10-31T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2019-10-31T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2019-10-31T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2019-10-31T17:15:10.337000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2020-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-148379"
},
{
"date": "2020-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2019-16251"
},
{
"date": "2019-11-14T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-011623"
},
{
"date": "2020-08-25T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201910-1900"
},
{
"date": "2024-11-21T04:30:23.383000",
"db": "NVD",
"id": "CVE-2019-16251"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "WordPress for YIT Vulnerability related to privilege management in plug-in framework",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-011623"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201910-1900"
}
],
"trust": 0.6
}
}
CVE-2024-4455 (GCVE-0-2024-4455)
Vulnerability from cvelistv5
Published
2024-05-24 10:58
Modified
2024-08-01 20:40
Severity ?
VLAI Severity ?
EPSS score ?
Summary
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| yithemes | YITH WooCommerce Ajax Search |
Version: * ≤ 2.4.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4455",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-24T13:09:17.513709Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:54:26.555Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:40:47.133Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf0f5fd4-cd06-4d11-9f22-1f417b546afb?source=cve"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/browser/yith-woocommerce-ajax-search/trunk/includes/admin/class-yith-wcas-admin-statistic-list-table.php#L213"
},
{
"tags": [
"x_transferred"
],
"url": "https://plugins.trac.wordpress.org/changeset/3091321"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "YITH WooCommerce Ajax Search",
"vendor": "yithemes",
"versions": [
{
"lessThanOrEqual": "2.4.0",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c"
}
],
"descriptions": [
{
"lang": "en",
"value": "The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \u2018item\u2019 parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.2,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-24T10:58:38.573Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/cf0f5fd4-cd06-4d11-9f22-1f417b546afb?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/yith-woocommerce-ajax-search/trunk/includes/admin/class-yith-wcas-admin-statistic-list-table.php#L213"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3091321"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-23T00:00:00.000+00:00",
"value": "Disclosed"
}
],
"title": "YITH WooCommerce Ajax Search \u003c= 2.4.0 - Unauthenticated Stored Cross-Site Scripting"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2024-4455",
"datePublished": "2024-05-24T10:58:38.573Z",
"dateReserved": "2024-05-03T00:12:38.912Z",
"dateUpdated": "2024-08-01T20:40:47.133Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}