Access violation vulnerability in 45 YITHEMES plugins

Several WordPress plugins made by YITHEMES are vulnerable to authorization bypass. Because the create_log_file function does not perform the proper security check, an attacker logged in with a subscriber-level account or higher may be able to download the plugin's log files, which can reveal sensitive information. Note that only the free versions of the plugins distributed through the WordPress.org repository were left unpatched; the premium versions have been patched by the developer.
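The missing check described above, as an added illustration that is not YITH's code: a generic WordPress admin-ajax log-download handler named after the function in the advisory, first in the unguarded shape and then with the nonce and capability checks such an endpoint needs. The hook names, the log path and the required capability are assumptions.

```php
<?php
// Added illustration (not YITH's code): a WordPress admin-ajax log-download
// handler in the unguarded shape the advisory describes, then the hardened
// shape. Hook names, the log path and the required capability are assumptions.

/*
 * BEFORE (the pattern behind the advisory): wp_ajax_* hooks fire for every
 * authenticated user, so with no capability or nonce check any logged-in
 * account, subscriber included, can trigger the download.
 */
add_action( 'wp_ajax_example_create_log_file_v1', 'example_create_log_file_v1' );
function example_create_log_file_v1() {
    $log_file = WP_CONTENT_DIR . '/uploads/example-plugin/debug.log'; // assumed path
    header( 'Content-Type: text/plain' );
    readfile( $log_file ); // nobody asked who is requesting this
    exit;
}

/*
 * AFTER: verify intent (nonce) and authorization (capability) before any
 * file is read, and fail closed with an explicit HTTP status.
 */
add_action( 'wp_ajax_example_create_log_file', 'example_create_log_file' );
function example_create_log_file() {
    // 1. CSRF protection: the request must carry a nonce for this action in
    //    the "security" parameter, created server-side with
    //    wp_create_nonce( 'example_create_log_file' ) when the admin page renders.
    check_ajax_referer( 'example_create_log_file', 'security' );

    // 2. Authorization: reading diagnostic logs is an administrative task.
    //    Accounts without this capability (subscribers, customers) are refused.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // 3. Serve one fixed file only; never build the path from request input.
    $log_file = WP_CONTENT_DIR . '/uploads/example-plugin/debug.log'; // assumed path
    if ( ! is_readable( $log_file ) ) {
        wp_send_json_error( array( 'message' => 'No log file available.' ), 404 );
    }

    nocache_headers();
    header( 'Content-Type: text/plain; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="debug.log"' );
    header( 'Content-Length: ' . filesize( $log_file ) );
    readfile( $log_file );
    exit;
}
```

The same two checks belong in every admin-post.php handler and in the permission_callback of any REST route that exposes logs or exports; a nonce alone is not authorization, since WordPress issues nonces to subscribers too, so the capability test is the one that actually closes the hole described in this advisory.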

Detected in:

Fixed (vulnerable versions):

YITH Color and Label Variations for WooCommerce: >= * <= 1.25.0
YITH Essential Kit for WooCommerce #1: >= * <= 2.13.0
YITH Infinite Scrolling: >= * <= 1.7.0
YITH PayPal Express Checkout for WooCommerce: >= * <= 1.20.0
YITH Pre-Order for WooCommerce: >= * <= 2.5.0
YITH Request a Quote for WooCommerce: >= * <= 2.15.0
YITH WooCommerce Affiliates: >= * <= 2.7.0
YITH WooCommerce Ajax Product Filter: >= * <= 4.15.0
YITH WooCommerce Ajax Search: >= * <= 1.25.0
YITH WooCommerce Badge Management: >= * <= 2.10.0
YITH WooCommerce Brands Add-On: >= * <= 2.5.0
YITH WooCommerce Catalog Mode: >= * <= 2.16.0
YITH WooCommerce Compare: >= * <= 2.20.0
YITH WooCommerce Featured Video: >= * <= 1.18.0
YITH WooCommerce Frequently Bought Together: >= * <= 1.18.0
YITH WooCommerce Gift Cards: >= * <= 2.14.0
YITH WooCommerce Order & Shipment Tracking: >= * <= 2.7.0
YITH WooCommerce Popup: >= * <= 1.21.0
YITH WooCommerce Product Add-Ons: >= * <= 2.15.0
YITH WooCommerce Product Bundles: >= * <= 1.16.0
YITH WooCommerce Product Gallery & Image Zoom: >= * <= 2.14.0
YITH WooCommerce Product Slider Carousel: >= * <= 1.16.0
YITH WooCommerce Quick View: >= * <= 1.21.0
YITH WooCommerce Subscription: >= * <= 2.16.0
YITH WooCommerce Tab Manager: >= * <= 1.17.0
YITH WooCommerce Wishlist: >= * <= 3.14.0

Open (vulnerable versions):

YITH Custom Thank You Page for WooCommerce: >= * <= 1.9.0
YITH Donations for WooCommerce: >= * <= 1.3.0
YITH PayPal Payments for WooCommerce: >= * <= 1.3.1
YITH WooCommerce Added to Cart Popup: >= * <= 1.8.0
YITH WooCommerce Advanced Reviews: >= * <= 1.7.0
YITH WooCommerce Authorize.net Payment Gateway: >= * <= 1.2.6
YITH WooCommerce Bulk Product Editing: >= * <= 1.2.27
YITH WooCommerce Cart Messages: >= * <= 1.8.0
YITH WooCommerce Category Accordion: >= * <= 1.6.0
YITH WooCommerce Mailchimp: >= * <= 2.5.0
YITH WooCommerce Multi Vendor: >= * <= 3.9.0
YITH WooCommerce Multi-step Checkout: >= * <= 2.0.5
YITH WooCommerce Name Your Price: >= * <= 1.3.0
YITH WooCommerce PDF Invoice and Shipping List: >= * <= 1.3.0
YITH WooCommerce Points and Rewards: >= * <= 1.6.1
YITH WooCommerce Questions and Answers: >= * <= 1.5.0
YITH WooCommerce Social Login: >= * <= 1.4.9
YITH WooCommerce Stripe: >= * <= 2.0.17
YITH WooCommerce Waitlist: >= * <= 1.21.0

This information is sourced from www.wpvulnerability.com, an open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example, >= 2.2.8 <= 2.2.21 means:

>  from 2.2.8
=  including both 2.2.8 and 2.2.21
<  to 2.2.21
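A way to evaluate this range notation against an installed plugin version, as an added example that is not part of the wpvulnerability.com page, using PHP's built-in version_compare(). It assumes that a bound written as * (as in the ranges listed above) imposes no limit on that side, so >= * <= 1.25.0 covers every release up to and including 1.25.0; the installed versions in the inventory are constructed for the example, while the ranges are the ones listed in this advisory.

```php
<?php
// Added example (not part of the wpvulnerability.com page): evaluate the range
// notation used in this advisory with PHP's built-in version_compare().
// Assumption: a bound written as "*" means "no limit on that side", so
// ">= * <= 1.25.0" covers every release up to and including 1.25.0.

/**
 * Return true when $installed falls inside $range, e.g. ">= 2.2.8 <= 2.2.21".
 * Every bound in the range must hold. An unparsable range is reported and
 * treated as "not matched" rather than silently passing.
 */
function version_in_range( string $installed, string $range ): bool {
    // Each token is an operator followed by a version string (or "*").
    // ">=" and "<=" are listed before ">" and "<" so the regex prefers them.
    if ( ! preg_match_all( '/(>=|<=|>|<)\s*(\S+)/', $range, $matches, PREG_SET_ORDER ) ) {
        trigger_error( "Unrecognised version range: $range", E_USER_WARNING );
        return false;
    }
    foreach ( $matches as [ $token, $operator, $bound ] ) {
        if ( '*' === $bound ) {
            continue; // wildcard: no constraint on this side
        }
        if ( ! version_compare( $installed, $bound, $operator ) ) {
            return false; // one failed bound is enough to exclude the version
        }
    }
    return true;
}

// Ranges copied from this advisory.
$advisory = [
    'YITH WooCommerce Wishlist'            => '>= * <= 3.14.0',
    'YITH WooCommerce Ajax Product Filter' => '>= * <= 4.15.0',
    'YITH WooCommerce Stripe'              => '>= * <= 2.0.17',
];

// Constructed inventory of installed versions (made up for the example).
$installed = [
    'YITH WooCommerce Wishlist'            => '3.14.0', // on the upper boundary: still vulnerable
    'YITH WooCommerce Ajax Product Filter' => '4.16.0', // above the range: not in the listing
    'YITH WooCommerce Stripe'              => '2.0.5',  // inside the range: vulnerable
];

foreach ( $installed as $plugin => $version ) {
    $status = version_in_range( $version, $advisory[ $plugin ] ) ? 'VULNERABLE' : 'ok';
    printf( "%-40s %-8s %s\n", $plugin, $version, $status );
}
```

Because version_compare() compares release components numerically rather than as strings, 2.0.5 correctly sorts below 2.0.17 and 3.14.0 is treated as equal to the upper bound, which is what the "including" rule above requires.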

Is this information incorrect? Please leave us a message.