Description
Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery.

This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.
Published: 2026-06-11
Score: 4.6 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a cross‑site request forgery flaw in the YITH WooCommerce Product Slider Carousel WordPress plugin that allows an attacker to trick an authenticated user into submitting forged requests that perform unintended actions within the website.

Affected Systems

Affected are installations of the YITH WooCommerce Product Slider Carousel plugin for WordPress version 1.16.0 and earlier; all versions through 1.16.0 contain the flaw.

Risk and Exploitability

The flaw carries a CVSS score of 4.6 (Medium). The EPSS score is not available, and the vulnerability is not listed in CISA KEV. The attack vector is inferred to be cross‑site request forgery that requires an authenticated session; an attacker can perform unauthorized actions if they can lure a site admin or logged‑in user into visiting a malicious site.

Generated by OpenCVE AI on June 11, 2026 at 11:20 UTC.

Remediation

Vendor Solution

Update the WordPress YITH WooCommerce Product Slider Carousel plugin to the latest available version (at least 1.16.1).


OpenCVE Recommended Actions

  • Immediately update the plugin to version 1.16.1 or newer, which removes the CSRF vulnerability.
  • During the update, verify that the plugin's configuration does not expose endpoints that can be triggered without proper authentication and CSRF tokens.
  • Limit administrative access to trusted accounts and monitor for anomalous requests to the product slider routes.



Advisories

No advisories yet.

History

Thu, 11 Jun 2026 13:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 11 Jun 2026 10:00:00 +0000

Type | Values Removed | Values Added
Description | | Cross-Site request forgery (CSRF) vulnerability in YITH YITH WooCommerce Product Slider Carousel allows Cross Site Request Forgery. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.
Title | | WordPress YITH WooCommerce Product Slider Carousel plugin <= 1.16.0 - Cross-Site Request Forgery (CSRF)
Weaknesses | | CWE-352
References | |
Metrics | | cvssV3_1 {'score': 4.6, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-11T12:34:39.802Z

Reserved: 2022-11-02T13:01:27.886Z

Link: CVE-2022-44630

Vulnrichment

Updated: 2026-06-11T12:34:36.440Z

NVD

Status: Received

Published: 2026-06-11T10:16:20.870

Modified: 2026-06-11T10:16:20.870

Link: CVE-2022-44630

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-11T11:30:06Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)