cleantalk
Vulnerabilities and Security Researches

YITH WooCommerce Popup, c83b989380a83d9cef3752583ac9575bdde45305

CVE, Research URL

c83b989380a83d9cef3752583ac9575bdde45305

Home page URL

Security reports for YITH WooCommerce Popup

Application

YITH WooCommerce Popup

Published on
-
Research Description
YITH WooCommerce Popup [yith-woocommerce-popup] < 1.21.1 WordPress YITH WooCommerce Popup Plugin <= 1.21.0 is vulnerable to Cross Site Request Forgery (CSRF) Update the WordPress YITH WooCommerce Popup plugin to the latest available version (at least 1.21.1). Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress YITH WooCommerce Popup Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. For example a password change which will then allow the malicious actor to login into the admin account. This vulnerability has been fixed in version 1.21.1.
Affected versions
Min -, max 1.21.1.
Status
vulnerable
Previous vulnerability researches
YITH WooCommerce Popup (c83b989380a83d9cef3752583ac9575bdde45305) , Jun 07, 2024
YITH WooCommerce Popup (CVE-2025-54675) , Aug 01, 2025
New vulnerability
Medical Addon for Elementor (CVE-2025-8212) , Aug 05, 2025
PressForward (CVE-2025-28987) , Aug 05, 2025
Custom Word Cloud (CVE-2025-8317) , Aug 04, 2025
360 Photo Spheres (CVE-2025-4588) , Aug 04, 2025
BuddyPress XProfile Custom Image Field (CVE-2025-48158) , Aug 04, 2025