Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter  plugin.

Current State of the Vulnerability

This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.

Disclosure / Response Timeline

  • Jun 4, 2020: Initial contact.
  • Jun 22, 2020: Patch is live.

Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter at Sucuri Blog.

Via Sucuri.net

Tags: