YITHEMES — Vulnerabilities & Security Advisories (24)

Browse all 24 CVE security advisories affecting YITHEMES. AI-powered Chinese analysis, POCs, and references for each vulnerability.

YITHEMES operates as a software vendor specializing in digital asset management and enterprise content solutions, primarily targeting large-scale organizational infrastructure. Security audits have identified twenty-four distinct Common Vulnerabilities and Exposures (CVEs) associated with its product suite, indicating a persistent pattern of implementation flaws. The majority of these vulnerabilities involve remote code execution and cross-site scripting, which allow attackers to compromise system integrity or steal user data. Additionally, several instances of broken access control and privilege escalation have been documented, suggesting inadequate input validation and insufficient authorization checks within the application logic. While no single catastrophic data breach has been publicly attributed solely to YITHEMES, the high volume of disclosed CVEs reflects significant technical debt and inconsistent patch management practices. This profile underscores the critical need for rigorous code review and continuous security monitoring in their deployment environments to mitigate ongoing risks.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-22333 | WordPress YITH WooCommerce Compare plugin <= 3.6.0 - Deserialization of untrusted data vulnerability | YITH WooCommerce Compare | CWE-502 | 7.2 | High | 2026-02-19 |
| CVE-2026-24366 | WordPress YITH WooCommerce Request A Quote plugin <= 2.46.0 - Broken Access Control vulnerability | YITH WooCommerce Request A Quote | CWE-862 | 5.3 | Medium | 2026-01-22 |
| CVE-2025-68581 | WordPress YITH Slider for page builders plugin <= 1.0.11 - Broken Access Control vulnerability | YITH Slider for page builders | CWE-862 | 5.4 | Medium | 2025-12-24 |
| CVE-2025-8617 | YITH WooCommerce Quick View <= 2.7.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via yith_quick_view Shortcode | YITH WooCommerce Quick View | CWE-79 | 6.4 | Medium | 2025-12-13 |
| CVE-2025-12427 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename | YITH WooCommerce Wishlist | CWE-639 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion | YITH WooCommerce Wishlist | CWE-285 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-54675 | WordPress YITH WooCommerce Popup Plugin plugin <= 1.48.0 - Cross Site Request Forgery (CSRF) Vulnerability | YITH WooCommerce Popup | CWE-352 | 4.3 | Medium | 2025-08-14 |
| CVE-2025-48111 | WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability | YITH PayPal Express Checkout for WooCommerce | CWE-352 | 4.3 | Medium | 2025-06-17 |
| CVE-2025-5238 | YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter | YITH WooCommerce Wishlist | CWE-79 | 6.4 | Medium | 2025-06-14 |
| CVE-2023-46635 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.2.0 - Broken Access Control vulnerability | YITH WooCommerce Product Add-Ons | CWE-862 | 5.3 | Medium | 2025-01-02 |
| CVE-2024-50448 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.14.1 - Reflected Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Product Add-Ons | CWE-79 | 7.1 | High | 2024-10-28 |
| CVE-2024-47350 | WordPress YITH WooCommerce Ajax Search plugin <= 2.8.0 - SQL Injection vulnerability | YITH WooCommerce Ajax Search | CWE-89 | 9.3 | Critical | 2024-10-06 |
| CVE-2024-47367 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.13.0 - Reflected Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Product Add-Ons | CWE-79 | 7.1 | High | 2024-10-06 |
| CVE-2024-8665 | YITH Custom Login <= 1.7.3 - Reflected Cross-Site Scripting | YITH Custom Login | CWE-79 | 6.1 | Medium | 2024-09-13 |
| CVE-2024-37943 | WordPress YITH WooCommerce Ajax Product Filter plugin <= 5.1.0 - Reflected Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Ajax Product Filter | CWE-79 | 5.8 | Medium | 2024-07-20 |
| CVE-2024-6799 | YITH Essential Kit for WooCommerce #1 <= 2.34.0 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Install, Activation, and Deactivation | YITH Essential Kit for WooCommerce #1 | CWE-862 | 4.3 | Medium | 2024-07-19 |
| CVE-2024-35680 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability | YITH WooCommerce Product Add-Ons | CWE-80 | 5.3 | Medium | 2024-06-10 |
| CVE-2024-35698 | WordPress YITH WooCommerce Tab Manager plugin <= 1.35.0 - Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Tab Manager | CWE-79 | 5.9 | Medium | 2024-06-08 |
| CVE-2024-35732 | WordPress YITH Custom Login plugin <= 1.7.0 - Cross Site Scripting (XSS) vulnerability | YITH Custom Login | CWE-79 | 5.9 | Medium | 2024-06-08 |
| CVE-2024-34385 | WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Wishlist | CWE-79 | 5.9 | Medium | 2024-06-03 |
| CVE-2024-4455 | YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting | YITH WooCommerce Ajax Search | CWE-79 | 7.2 | High | 2024-05-24 |
| CVE-2024-0870 | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update | YITH WooCommerce Gift Cards | CWE-285 | 5.3 | Medium | 2024-05-14 |
| CVE-2024-32699 | WordPress YITH WooCommerce Compare plugin <= 2.37.0 - Cross Site Request Forgery (CSRF) vulnerability | YITH WooCommerce Compare | CWE-352 | 4.3 | Medium | 2024-04-24 |
| CVE-2024-27994 | WordPress YITH WooCommerce Product Add-Ons plugin <= 4.5.0 - Cross Site Scripting (XSS) vulnerability | YITH WooCommerce Product Add-Ons | CWE-79 | 7.1 | High | 2024-03-21 |

This page lists every published CVE security advisory associated with YITHEMES. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.