YITH WooCommerce Compare: Untrusted Data Can Execute Malicious Code

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.2

YITH WooCommerce Compare: Untrusted Data Can Execute Malicious Code

CVE-2026-22333

Summary

The YITH WooCommerce Compare plugin allows hackers to inject malicious code into your website. This can happen if you're using an older version of the plugin (3.6.0 or earlier). To protect your site, update to the latest version of YITH WooCommerce Compare.

Original title

Deserialization of Untrusted Data vulnerability in YITHEMES YITH WooCommerce Compare yith-woocommerce-compare allows Object Injection.This issue affects YITH WooCommerce Compare: from n/a through <...

Original description

nvd CVSS3.1 7.2

Vulnerability type

CWE-502 Deserialization of Untrusted Data

https://patchstack.com/database/Wordpress/Plugin/yith-woocommerce-compare/vulner...

Published: 19 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026