cleantalk
Vulnerabilities and Security Researches

YITH WooCommerce Ajax Search, CVE-2024-7846

CVE, Research URL

CVE-2024-7846

Home page URL

Security reports for YITH WooCommerce Ajax Search

Application

YITH WooCommerce Ajax Search

Published on
Sep 23, 2024
Research Description
YITH WooCommerce Ajax Search is vulnerable to a XSS vulnerability due to insufficient sanitization of user supplied block attributes. This makes it possible for Contributors+ attackers to inject arbitrary scripts.
Affected versions
max 2.7.1.
Status
vulnerable
Previous vulnerability researches
YITH WooCommerce Ajax Search (CVE-2024-47350) , Oct 03, 2024
YITH WooCommerce Ajax Search (CVE-2019-16251) , Jun 06, 2024
YITH WooCommerce Ajax Search (CVE-2024-4455) , Jun 06, 2024
YITH WooCommerce Ajax Search (CVE-2024-7846) , Sep 24, 2024
New vulnerability
OOPSpam Anti-Spam (CVE-2026-32544) , Mar 31, 2026
NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor (CVE-2026-27042) , Mar 31, 2026
The Conference (CVE-2026-32335) , Mar 31, 2026
WP Booking System – Booking Calendar (CVE-2025-68515) , Mar 31, 2026
UPI QR Code Payment Gateway for WooCommerce (CVE-2025-67969) , Mar 31, 2026