CVE-2024-4455
HIGH EXPLOITED NUCLEIYITH WooCommerce Ajax Search <2.4.0 - XSS
Title source: llmDescription
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Nuclei Templates (1)
YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting
HIGHVERIFIEDby Shivam Kamboj
References (3)
Scores
CVSS v3
7.2
EPSS
0.0815
EPSS Percentile
92.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2024-05-24
CWE
CWE-79
Status
published
Products (2)
yithemes/YITH WooCommerce Ajax Search
< 2.4.0
yithemes/yith_woocommerce_ajax_search
< 2.4.1
Published
May 24, 2024
Tracked Since
Feb 18, 2026