Vulnerabilities and security researches foryith-woocommerce-popup yith-woocommerce-popup

Jun 07, 2024

CVE, Research URL: c83b989380a83d9cef3752583ac9575bdde45305
Home page URL: Security reports for YITH WooCommerce Popup
Application: YITH WooCommerce Popup
Date: -
Research Description: YITH WooCommerce Popup [yith-woocommerce-popup] < 1.21.1 WordPress YITH WooCommerce Popup Plugin <= 1.21.0 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress YITH WooCommerce Popup plugin to the latest available version (at least 1.21.1). Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress YITH WooCommerce Popup Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 1.21.1.
Affected versions: Min -, max -.
Status: vulnerable

Aug 01, 2025

CVE, Research URL: CVE-2025-54675
Home page URL: Security reports for YITH WooCommerce Popup
Application: YITH WooCommerce Popup
Date: -
Research Description: YITH WooCommerce Popup [yith-woocommerce-popup] < 1.48.1 CVE-2025-54675
Affected versions: Min -, max -.
Status: vulnerable