YITH WooCommerce Ajax Product Filter < 3.11.1 - Authenticated Reflected Cross-Site Scripting (XSS)



Description
The YITH WooCommerce Ajax Product Filter WordPress plugin was affected by an Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in an admin form. The vulnerability was fixed in version 3.11.1 of the plugin.

Affects Plugin

fixed in version 3.11.1

References

URL https://plugins.trac.wordpress.org/changeset/2328555/yith-woocommerce-ajax-navigation
URL https://blog.sucuri.net/2020/06/cross-site-scripting-yith-woocommerce-ajax-product-filter.html

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher John Castro (Sucuri)
Views 932
Verified No
WPVDB ID 10281

Timeline

Publicly Published 2020-06-22 (23 days ago)
Added 2020-06-22 (22 days ago)
Last Updated 2020-06-25 (19 days ago)

Our Other Services

Online WordPress Vulnerability Scanner WPScan WordPress Security Plugin