Browse all 24 CVE security advisories affecting YITHEMES. AI-powered Chinese analysis, POCs, and references for each vulnerability.
YITHEMES operates as a software vendor specializing in digital asset management and enterprise content solutions, primarily targeting large-scale organizational infrastructure. Security audits have identified twenty-four distinct Common Vulnerabilities and Exposures (CVEs) associated with its product suite, indicating a persistent pattern of implementation flaws. The majority of these vulnerabilities involve remote code execution and cross-site scripting, which allow attackers to compromise system integrity or steal user data. Additionally, several instances of broken access control and privilege escalation have been documented, suggesting inadequate input validation and insufficient authorization checks within the application logic. While no single catastrophic data breach has been publicly attributed solely to YITHEMES, the high volume of disclosed CVEs reflects significant technical debt and inconsistent patch management practices. This profile underscores the critical need for rigorous code review and continuous security monitoring in their deployment environments to mitigate ongoing risks.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-12427 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename — YITH WooCommerce Wishlist, CWE-639 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion — YITH WooCommerce Wishlist, CWE-285 | 5.3 | Medium | 2025-11-19 |
| CVE-2025-5238 | YITH WooCommerce Wishlist <= 4.5.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via id Parameter — YITH WooCommerce Wishlist, CWE-79 | 6.4 | Medium | 2025-06-14 |
| CVE-2024-34385 | WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability — YITH WooCommerce Wishlist, CWE-79 | 5.9 | Medium | 2024-06-03 |
This page lists every published CVE security advisory associated with YITHEMES. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.