cleantalk
Vulnerabilities and Security Researches

Yotpo: Product & Photo Reviews for WooCommerce, CVE-2024-9356

CVE, Research URL

CVE-2024-9356

Home page URL

Security reports for Yotpo: Product & Photo Reviews for WooCommerce

Application

Yotpo: Product & Photo Reviews for WooCommerce

Published on
Nov 15, 2024
Research Description
The Yotpo: Product & Photo Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'yotpo_user_email' and 'yotpo_user_name' parameters in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
Min -, max 1.7.10.
Status
vulnerable
Previous vulnerability researches
Yotpo: Product & Photo Reviews for WooCommerce (CVE-2024-9356) , Nov 16, 2024
New vulnerability
Popup Maker – Popup for opt-ins, lead gen, & more (CVE-2025-4205) , Jun 06, 2025
MaxiBlocks Free Page Builder & Template Library (CVE-2025-47601) , Jun 06, 2025
MetalpriceAPI (CVE-2025-48140) , Jun 05, 2025
Broken Link Checker (CVE-2025-4047) , Jun 05, 2025
Staff Directory – Employee Directory for WordPress (CVE-2025-5531) , Jun 05, 2025