CVE-2022-44630
Cross-Site Request Forgery in YITH WooCommerce Product Slider Carousel

Publication date: 2026-06-11

Last updated on: 2026-06-11

Assigner: Patchstack

Description
Cross-Site Request Forgery (CSRF) vulnerability in YITH WooCommerce Product Slider Carousel. This issue affects YITH WooCommerce Product Slider Carousel: from n/a through 1.16.0.
Meta Information
Published: 2026-06-11
Last Modified: 2026-06-11
Generated: 2026-06-11
AI Q&A: 2026-06-11
EPSS Evaluated: N/A
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
yith yith_woocommerce_product_slider_carousel From 1.0.0 (inc) to 1.16.0 (inc)
yith yith_woocommerce_product_slider_carousel 1.16.1
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Mitigation Strategies

The immediate mitigation step is to update the YITH WooCommerce Product Slider Carousel plugin to version 1.16.1 or later, where this CSRF vulnerability is patched.

Additionally, ensure that users with higher privileges are cautious about clicking on suspicious links or submitting untrusted forms, as the vulnerability requires user interaction.

Executive Summary

CVE-2022-44630 is a Cross Site Request Forgery (CSRF) vulnerability in the YITH WooCommerce Product Slider Carousel WordPress plugin versions 1.16.0 and below.

This vulnerability allows an attacker to trick higher-privileged users into executing unwanted actions while authenticated, by making them click a malicious link or submit a crafted form.

The issue requires user interaction and can lead to unauthorized actions being performed under the user's credentials.

Impact Analysis

This vulnerability allows attackers to perform unauthorized actions on your WordPress site if a privileged user interacts with a malicious link or form.

Such actions could include changes to settings or content that the privileged user is authorized to perform, potentially compromising the integrity of your site.

Because the attack requires user interaction, the risk can be mitigated by user awareness and updating the plugin to a patched version.

Detection Guidance

This vulnerability is a Cross-Site Request Forgery (CSRF) issue affecting the YITH WooCommerce Product Slider Carousel plugin versions 1.16.0 and below.

Detection typically involves verifying the plugin version installed on your WordPress site to see if it is 1.16.0 or earlier.

There are no specific network or system commands provided to detect this vulnerability directly.

To check the plugin version, you can use WordPress CLI commands such as:

  • wp plugin list --status=active
  • Look for 'yith-woocommerce-product-slider-carousel' and verify its version.
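
The version check described above can be scripted so it gives a clear verdict per site. This is an added example, not part of the original advisory; it assumes WP-CLI is installed and that `sort -V` (GNU coreutils) is available, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: flag installs of the plugin below the patched version.
SLUG='yith-woocommerce-product-slider-carousel'   # plugin slug named on this page
FIXED='1.16.1'                                    # first patched version per this page

# Return 0 if version $1 is lower than $FIXED (affected), 1 otherwise.
# Assumption: sort -V is available for dotted-version ordering (1.9.3 < 1.16.1).
is_affected_version() {
    [ "$1" = "$FIXED" ] && return 1
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$1" ]
}

# Read "name,status,version" CSV rows on stdin and print one verdict line.
# The CSV header row and all other plugins are skipped by the slug match.
check_plugin_csv() {
    verdict="NOT-INSTALLED $SLUG"
    while IFS=, read -r name status version || [ -n "$name" ]; do
        [ "$name" = "$SLUG" ] || continue
        # Strip a trailing carriage return in case the CSV uses CRLF line endings.
        version=$(printf '%s' "$version" | tr -d '\r')
        if is_affected_version "$version"; then
            verdict="AFFECTED $SLUG $version ($status): update to $FIXED or later"
        else
            verdict="OK $SLUG $version ($status)"
        fi
    done
    printf '%s\n' "$verdict"
}

# Usage on a WordPress host (lists active and inactive plugins):
#   wp plugin list --fields=name,status,version --format=csv | check_plugin_csv
```

Dropping `--status=active` also surfaces inactive copies of the plugin, which become relevant again if someone reactivates them before updating.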
Compliance Impact

The provided information does not specify how the CVE-2022-44630 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.
