cleantalk
Vulnerabilities and Security Researches

YITH WooCommerce Product Add-Ons, CVE-2026-42383

CVE, Research URL

CVE-2026-42383

Home page URL

Security reports for YITH WooCommerce Product Add-Ons

Application

YITH WooCommerce Product Add-Ons

Published on
May 20, 2026
Research Description
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Blind SQL Injection. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.29.0.
Affected versions
max 4.29.1.
Status
vulnerable
Previous vulnerability researches
Events Calendar for GeoDirectory (CVE-2025-26967) , Mar 05, 2025
Events Calendar for GeoDirectory (CVE-2026-39532) , Apr 23, 2026
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2026-42671) , May 22, 2026
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-56259) , Jan 03, 2025
GeoDirectory – WordPress Business Directory Plugin, or Classified Directory (CVE-2024-13507) , Jul 30, 2025
New vulnerability
130+ Widgets | Best Addons For Elementor – FREE (CVE-2025-15369) , May 22, 2026
myCred – Points, Rewards, Gamification, Ranks, Badges & Loyalty Plugin (CVE-2026-42676) , May 22, 2026
Stripe Payment Plugin for WooCommerce (CVE-2026-45217) , May 22, 2026
YITH WooCommerce Product Add-Ons (CVE-2026-42383) , May 22, 2026
Quick Table (CVE-2026-6237) , May 22, 2026