CVE-2026-61956 HIGH

CVE-2026-61956: WordPress ووسلام – همگام سازی ووکامرس و باسلام plugin <= 1.9.1 - Cross Site Request Forgery (CSRF) vulnerability

Vendor Hamsalam
Product ووسلام &#8211; همگام سازی ووکامرس و باسلام
Weakness CWE-352 · CSRF
Published July 13, 2026
Last update July 13, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:H/A:N

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام &#8211; همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام &#8211; همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.

Explanation of Vulnerability in Simple Terms

02Summary

A cross-site request forgery (CSRF) vulnerability in Hamsalam's WooCommerce synchronization plugin allows an attacker to perform unauthorized actions on behalf of an authenticated site administrator. The vulnerability requires the admin to visit a malicious webpage while logged in. An attacker can modify plugin settings or trigger unintended operations without the admin's knowledge or consent.

What an attacker can do

03Attacker Capabilities

Perform unauthorized actions on the site by tricking an admin into visiting a malicious webpage.

Potential impact on your site

04Site Impact

Plugin settings could be changed or unintended operations triggered without your knowledge.

Conditions required to exploit

05Prerequisites

Site admin must be logged in and visit an attacker-controlled webpage.

Key dates

06Disclosure timeline

July 13, 2026 CVE published

Related vulnerabilities

08Related CVE