Vulnerabilities and security researches foryith-woocommerce-catalog-mode yith-woocommerce-catalog-mode

Jun 07, 2024

CVE, Research URL: 1d5378fa84417ac83125d865cfa8bd5f43f74f1d
Home page URL: Security reports for YITH WooCommerce Catalog Mode
Application: YITH WooCommerce Catalog Mode
Date: -
Research Description: YITH WooCommerce Catalog Mode [yith-woocommerce-catalog-mode] < 2.16.1 WordPress YITH WooCommerce Catalog Mode Plugin <= 2.16.0 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress YITH WooCommerce Catalog Mode plugin to the latest available version (at least 2.16.1). Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress YITH WooCommerce Catalog Mode Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 2.16.1.
Affected versions: max 2.16.1.
Status: vulnerable