PatchSiren

YITH CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH YITH CVE published 2026-05-20

CVE-2026-42383

CVE-2026-42383 is a high-severity blind SQL injection issue in YITH WooCommerce Product Add-Ons, affecting versions through 4.29.0. The supplied CVSS vector indicates network exposure with high privileges required and no user interaction, with confidentiality impact rated high.