Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Nick

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.

Current State of the Vulnerability

This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.

Disclosure / Response Timeline

  • Jun 4, 2020: Initial contact.
  • Jun 22, 2020: Patch is live.

Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter at Sucuri Blog.
