cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches for Yuki (yuki)

Jun 10, 2024

Yuki # CVE-2024-1388

CVE, Research URL

CVE-2024-1388

Application

Yuki

Date
Feb 28, 2024
Research Description
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.
Affected versions
max 1.3.14.
Status
vulnerable

Yuki # CVE-2024-1943

CVE, Research URL

CVE-2024-1943

Application

Yuki

Date
Feb 28, 2024
Research Description
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
max 1.3.15.
Status
vulnerable
Jun 11, 2024

Yuki # f4d60c1247dfd2dcef2e7f7c40df2f7b743e04f8

Application

Yuki

Date
Jul 18, 2023
Research Description
Yuki [yuki] < 1.3.8: WordPress Yuki Theme <= 1.3.7 is vulnerable to Cross Site Scripting (XSS). No patched version available. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress Yuki Theme. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads, into your website, which will be executed when guests visit your site. This vulnerability is not known to have been fixed yet.
Affected versions
max 1.3.8.
Status
vulnerable
Jun 14, 2026

Yuki # CVE-2023-33999

CVE, Research URL

CVE-2023-33999

Application

Yuki

Date
Jun 11, 2026
Research Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows DOM-Based XSS. This issue affects WP Mail Log: from n/a through 1.0.2.
Affected versions
max 1.3.8.
Status
vulnerable