CVE-2026-61956
Received Received - Intake

Cross-Site Request Forgery in ووسلام – همگام سازی ووکامرس و باسلام

Vulnerability report for CVE-2026-61956, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-13

Last updated on: 2026-07-13

Assigner: Patchstack

Description

Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-13
Last Modified
2026-07-13
Generated
2026-07-13
AI Q&A
2026-07-13
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Currently, no data is known.

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-352 The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Request Forgery (CSRF) issue found in the WordPress plugin "ووسلام – همگام سازی ووکامرس و باسلام" (WooSalam – WooCommerce and Basalam Synchronization) version 1.9.1 and earlier.

CSRF vulnerabilities allow attackers to trick authenticated users into performing unwanted actions on a web application without their consent, typically by clicking a malicious link or visiting a crafted page.

In this case, attackers could force higher-privileged users to execute actions under their current authentication, potentially compromising the security or integrity of the affected system.

The vulnerability requires user interaction for exploitation and has been patched in version 1.9.2.

Impact Analysis

If exploited, this CSRF vulnerability could allow attackers to perform unauthorized actions on your WordPress site through the vulnerable plugin while you are authenticated.

This could lead to unauthorized changes or operations being executed with your privileges, potentially compromising your site's data integrity or functionality.

Since the vulnerability requires user interaction, the risk increases if users with higher privileges are tricked into clicking malicious links or visiting crafted pages.

Updating the plugin to version 1.9.2 or later is strongly recommended to mitigate this risk.

Mitigation Strategies

The vulnerability affects the WordPress plugin "ووسلام – همگام سازی ووکامرس و باسلام" (WooSalam – WooCommerce and Basalam Synchronization) version 1.9.1 and earlier.

The immediate step to mitigate this vulnerability is to update the plugin to version 1.9.2 or later, where the issue has been patched.

If updating is not possible immediately, it is recommended to seek assistance from a hosting provider or a web developer to apply necessary mitigations.

Patchstack users can also enable auto-updates for vulnerable plugins to ensure timely patching.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-61956. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart