What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in Channelize.io Team Live Shopping & Shoppable Videos For WooCommerce live-shopping-video-streams allows Cross Site Request Forgery.This issue affects Live Shopping & Shoppable Videos For WooCommerce: from n/a through <= 2.2.0.
Explanation of Vulnerability in Simple Terms
02Summary
The Live Shopping & Shoppable Videos For WooCommerce plugin through version 2.2.0 contains a cross-site request forgery (CSRF) vulnerability. An attacker can craft a malicious link or page that, when visited by a logged-in site administrator, performs unwanted actions on the site without their knowledge. The vulnerability requires user interaction and does not expose sensitive data, but can modify site settings or content.
What an attacker can do
03Attacker Capabilities
Trick a logged-in admin into visiting a malicious page that performs unwanted actions on the site.
Potential impact on your site
04Site Impact
Unauthorized changes to plugin settings or site content if an admin visits a malicious link.
Conditions required to exploit
05Prerequisites
Admin must visit attacker-controlled page while logged into WordPress.
Key dates
06Disclosure timeline
December 31, 2025
CVE published
April 28, 2026
Record updated