CSRF Vulnerability in Sync-basalam Plugin for WooCommerce
CVE-2026-61956

7.1HIGH

What is CVE-2026-61956?

The Sync-basalam plugin for WooCommerce is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability. This flaw enables an attacker to execute unauthorized actions on behalf of an authenticated user, potentially compromising user data and site functionality. The issue affects versions of Sync-basalam up to and including 1.9.1, making it crucial for site administrators to apply necessary security patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

ووسلام &#8211; همگام سازی ووکامرس و باسلام 0 <= 1.9.1

References

CVSS V3.1

Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Ananda Dhakal (Patchstack)
.