PatchSiren

YITH CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM YITH CVE published 2026-06-11

CVE-2022-44630

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the YITH WooCommerce Product Slider Carousel plugin. This issue, identified as CVE-2022-44630, affects the plugin from its inception up to version 1.16.0. The vulnerability has a CVSS score of 4.6, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, which suggests that the vulnerability can [truncated]

HIGH YITH CVE published 2026-05-20

CVE-2026-42383

CVE-2026-42383 is a high-severity blind SQL injection issue in YITH WooCommerce Product Add-Ons, affecting versions through 4.29.0. The supplied CVSS vector indicates network exposure with high privileges required and no user interaction, with confidentiality impact rated high.