Description
Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
Published: 2025-06-17
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Cross-Site Request Forgery (CWE-352) that lets a malicious site trigger WP-admin actions of the YITH PayPal Express Checkout for WooCommerce plugin using the browser session of a legitimately logged-in user. An attacker could use this flaw to change plugin settings, alter payment flows, or otherwise perform administrative operations without the victim's consent. The impact is an unauthorized state change affecting the integrity of the WooCommerce checkout configuration.
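As an added, defender-oriented illustration (not code from the YITH plugin or from OpenCVE), the pattern behind a CWE-352 finding in a WordPress plugin and its fix: an admin-post handler that saves a setting on any POST it receives, beside one that requires both a capability check and a WordPress nonce. The handler names, the `demo_setting` option and the `demo` text domain are hypothetical; the WordPress functions used (`check_admin_referer`, `wp_nonce_field`, `current_user_can`, `admin_post_*` hooks) are the real core APIs.

```php
<?php
// Added example with hypothetical names; not the plugin's actual code.

// Vulnerable pattern: the handler trusts any POST that reaches admin-post.php.
// If a logged-in administrator visits a page that auto-submits a form to this
// action, the option is changed without the administrator's intent (CWE-352).
add_action( 'admin_post_demo_save_settings_vuln', function () {
    $value = isset( $_POST['demo_setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_setting'] ) )
        : '';
    update_option( 'demo_setting', $value );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-settings&saved=1' ) );
    exit;
} );

// Hardened pattern: capability check plus nonce verification. The nonce is
// bound to the current user and session, so a form served from another origin
// cannot supply a valid one, and the request dies with HTTP 403.
add_action( 'admin_post_demo_save_settings', function () {
    if ( ! current_user_can( 'manage_woocommerce' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'demo' ), '', array( 'response' => 403 ) );
    }
    // Verifies the '_wpnonce' POST field against the 'demo_save_settings' action.
    check_admin_referer( 'demo_save_settings' );

    $value = isset( $_POST['demo_setting'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_setting'] ) )
        : '';
    update_option( 'demo_setting', $value );
    wp_safe_redirect( admin_url( 'admin.php?page=demo-settings&saved=1' ) );
    exit;
} );

// The settings form that posts to the hardened handler must emit the nonce
// field, otherwise legitimate saves fail the check too.
function demo_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="demo_save_settings">
        <?php wp_nonce_field( 'demo_save_settings' ); ?>
        <input type="text" name="demo_setting"
               value="<?php echo esc_attr( get_option( 'demo_setting', '' ) ); ?>">
        <?php submit_button( __( 'Save', 'demo' ) ); ?>
    </form>
    <?php
}
```

The same rule applies to AJAX endpoints (`check_ajax_referer`) and to REST routes (a `permission_callback` plus the `X-WP-Nonce` header). A nonce check is a CSRF control only; it does not replace the capability check, which is why the hardened handler performs both.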

Affected Systems

Affects the YITHEMES YITH PayPal Express Checkout for WooCommerce WordPress plugin, versions up to and including 1.49.0. Later versions are not impacted.

Risk and Exploitability

The CVSS v3.1 score is 4.3, indicating moderate severity, and the EPSS score below 1% indicates a low probability of exploitation; the vulnerability is not listed in the CISA KEV catalog. The attack vector is remote: the victim must be logged in to the WordPress admin and then visit a crafted link or site that submits the forged request on their behalf. Because the flaw manipulates state rather than bypassing authentication, the overall risk is moderate, but it remains a valid concern for sites with privileged admin users.

Generated by OpenCVE AI on April 30, 2026 at 11:12 UTC.

Remediation

Vendor Solution

Update the WordPress YITH PayPal Express Checkout for WooCommerce plugin to the latest available version (at least 1.49.1).


OpenCVE Recommended Actions

  • Update the YITH PayPal Express Checkout for WooCommerce plugin to version 1.49.1 or later.
  • After updating, review and re‑apply any custom configuration settings to ensure they remain intact.
  • If the plugin cannot be updated immediately, consider deactivating it temporarily or restricting access to the plugin’s administrative pages using a firewall or security plugin that blocks unauthenticated requests.

Generated by OpenCVE AI on April 30, 2026 at 11:12 UTC.


Advisories
Source: EUVD
ID: EUVD-2025-18510
Title: Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
History

Tue, 17 Jun 2025 16:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc
{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 17 Jun 2025 15:15:00 +0000

Values Removed: (none)
Values Added:
Description: Cross-Site Request Forgery (CSRF) vulnerability in YITHEMES YITH PayPal Express Checkout for WooCommerce allows Cross Site Request Forgery. This issue affects YITH PayPal Express Checkout for WooCommerce: from n/a through 1.49.0.
Title: WordPress YITH PayPal Express Checkout for WooCommerce plugin <= 1.49.0 - Cross Site Request Forgery (CSRF) vulnerability
Weaknesses: CWE-352
References
Metrics: cvssV3_1
{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Subscriptions

Wordpress
Yithemes Yith Paypal Express Checkout For Woocommerce
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:51.827Z

Reserved: 2025-05-15T17:54:48.128Z

Link: CVE-2025-48111

Vulnrichment

Updated: 2025-06-17T15:39:42.706Z

NVD

Status: Deferred

Published: 2025-06-17T15:15:44.133

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-48111

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T11:15:35Z

Weaknesses