Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Nick

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.

Current State of the Vulnerability

This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.

Disclosure / Response Timeline

  • Jun 4, 2020: Initial contact.
  • Jun 22, 2020: Patch is live.

Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter at Sucuri Blog.
