8211
Monthly
Cross-Site Request Forgery in the Woosalam (ووسلام - همگام سازی ووکامرس و باسلام) WooCommerce-to-Basalam sync plugin for WordPress lets a remote attacker forge state-changing requests that a logged-in victim's browser executes, affecting all versions from an unspecified initial release through 1.9.1. Because the plugin fails to validate request authenticity (CWE-352), an attacker who lures an authenticated user to a malicious page can trigger high-integrity changes with no attacker authentication required (CVSS 7.1). No public exploit identified at time of analysis and the flaw is not on CISA KEV.
Cross-Site Request Forgery in the Woosalam (ووسلام - همگام سازی ووکامرس و باسلام) WooCommerce-to-Basalam sync plugin for WordPress lets a remote attacker forge state-changing requests that a logged-in victim's browser executes, affecting all versions from an unspecified initial release through 1.9.1. Because the plugin fails to validate request authenticity (CWE-352), an attacker who lures an authenticated user to a malicious page can trigger high-integrity changes with no attacker authentication required (CVSS 7.1). No public exploit identified at time of analysis and the flaw is not on CISA KEV.