During a routine research audit for our Sucuri Web Application Firewall, we discovered a cross-site scripting (XSS) vulnerability affecting 100,000+ users of the YITH WooCommerce Ajax Product Filter plugin.
Current State of the Vulnerability
This security bug was fixed in the 3.11.1 release. We are not aware of any exploit attempts currently using this vulnerability.
Disclosure / Response Timeline
- Jun 4, 2020: Initial contact.
- Jun 22, 2020: Patch is live.