cleantalk
Vulnerabilities and Security Researches

YITH WooCommerce Product Add-Ons, CVE-2026-42383

CVE, Research URL

CVE-2026-42383

Home page URL

Security reports for YITH WooCommerce Product Add-Ons

Application

YITH WooCommerce Product Add-Ons

Published on
May 20, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0.
Affected versions
max 4.29.1.
Status
vulnerable
Previous vulnerability researches
AudioIgniter Music Player (CVE-2026-8679) , May 22, 2026
New vulnerability
TypeSquare Webfonts for ConoHa (CVE-2026-8610) , May 23, 2026
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
Stripe Payment Plugin for WooCommerce (CVE-2026-45217) , May 22, 2026
YITH WooCommerce Product Add-Ons (CVE-2026-42383) , May 22, 2026