Cross Site Scripting in YITH WooCommerce Ajax Product Filter

During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.

Current State of the Vulnerability

This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.

Disclosure / Response Timeline

Jun 4, 2020: Initial contact.
Jun 22, 2020: Patch is live.

Continue reading Cross Site Scripting in YITH WooCommerce Ajax Product Filter at Sucuri Blog.

Via Sucuri.net

Tags: Vulnerability Disclosure

Stratusclear.org

Stratusclear Network

Cross Site Scripting in YITH WooCommerce Ajax Product Filter

Subscribe to MailChimp