YITH — Vulnerabilities & Security Advisories

Browse all 8 CVE security advisories affecting YITH. AI-powered Chinese analysis, POCs, and references for each vulnerability.

YITH develops WordPress plugins for e-commerce and business solutions, with eight CVEs recorded. Historically, vulnerabilities have included stored cross-site scripting (XSS), arbitrary file uploads leading to remote code execution (RCE), and privilege escalation flaws, often stemming from insufficient input validation and improper access controls. Security researchers have identified consistent patterns in how user-supplied data is handled, with some critical issues allowing unauthenticated attackers to compromise affected sites. While no major public incidents have been widely documented, the recurring nature of these vulnerabilities suggests ongoing challenges in secure coding practices within the plugin ecosystem.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-27329 | WordPress YITH WooCommerce Wishlist plugin <= 4.12.0 - Insecure Direct Object References (IDOR) vulnerability — YITH WooCommerce Wishlist, CWE-639 | 5.3 | Medium | 2026-05-07 |
| CVE-2023-36506 | WordPress YITH WooCommerce Waitlist plugin <= 2.13.0 - Broken Access Control vulnerability — YITH WooCommerce Waiting List, CWE-862 | 5.3 | Medium | 2024-12-13 |
| CVE-2024-30470 | WordPress YITH WooCommerce Account Funds Premium plugin <= 1.32.0 - Broken Access Control vulnerability — YITH WooCommerce Account Funds Premium, CWE-862 | 6.5 | Medium | 2024-06-09 |
| CVE-2022-44633 | WordPress YITH WooCommerce Gift Cards Premium plugin <= 3.23.1 - Unauth. Gift Card Creation Leading to Stored XSS vulnerability — YITH WooCommerce Gift Cards Premium, CWE-862 | 6.5 | Medium | 2024-03-21 |
| CVE-2023-49777 | WordPress YITH WooCommerce Product Add-Ons Plugin <= 4.3.0 is vulnerable to PHP Object Injection — YITH WooCommerce Product Add-Ons, CWE-502 | 9.1 | Critical | 2023-12-31 |
| CVE-2022-45359 | WordPress YITH WooCommerce Gift Cards Premium Plugin <= 3.19.0 is vulnerable to Arbitrary File Upload — YITH WooCommerce Gift Cards, CWE-434 | 9.8 | Critical | 2022-12-06 |
| CVE-2021-36845 | YITH Maintenance Mode (WordPress plugin) <= 1.3.8 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities — YITH Maintenance Mode (WordPress plugin), CWE-79 | 6.9 | Medium | 2021-09-27 |
| CVE-2021-36841 | YITH Maintenance Mode (WordPress plugin) <= 1.3.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability. — YITH Maintenance Mode (WordPress plugin), CWE-79 | 6.9 | Medium | 2021-09-27 |

This page lists every published CVE security advisory associated with YITH. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.