Cross Site Scripting in YITH WooCommerce Ajax Product Filter


During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter  plugin.

Current State of the Vulnerability

This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.

Disclosure / Response Timeline

  • Jun 4, 2020: Initial contact.
  • Jun 22, 2020: Patch is live.

Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter at Sucuri Blog.

More great articles

Vulnerable Plugins: June 2020 Update

This is a mid-month update to our regular Monthly Vulnerability Digest, which reveals a number of new patches for disclosed…

Read Story

High Severity Vulnerabilities in Post Grid and Team Showcase Plugins

On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with…

Read Story

Critical 0-day in The Plus Addons for Elementor Allows Site Takeover

Today, March 8, 2021, the Wordfence Threat Intelligence team became aware of a critical 0-day in The Plus Addons for…

Read Story

Emergency WordPress Help

One of our techs will get back to you within minutes.