Vulnerabilities and security researches foryith-woocommerce-tab-manager yith-woocommerce-tab-manager

Jun 07, 2024

CVE, Research URL: 1dc5372eb305daac00ef2d00e469c497547bd509
Home page URL: Security reports for YITH WooCommerce Tab Manager
Application: YITH WooCommerce Tab Manager
Date: -
Research Description: YITH WooCommerce Tab Manager [yith-woocommerce-tab-manager] < 1.17.1 WordPress YITH WooCommerce Tab Manager Plugin <= 1.16.0 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress YITH WooCommerce Tab Manager plugin to the latest available version (at least 1.17.1). Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress YITH WooCommerce Tab Manager Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 1.17.1.
Affected versions: max 1.17.1.
Status: vulnerable

Jun 10, 2024

CVE, Research URL: CVE-2024-35698
Home page URL: Security reports for YITH WooCommerce Tab Manager
Application: YITH WooCommerce Tab Manager
Date: Jun 08, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Tab Manager allows Stored XSS.This issue affects YITH WooCommerce Tab Manager: from n/a through 1.35.0.
Affected versions: max 1.35.1.
Status: vulnerable