What the vulnerability does
01Description
Cross-Site Request Forgery (CSRF) vulnerability in hamsalam ووسلام – همگام سازی ووکامرس و باسلام sync-basalam allows Cross Site Request Forgery.This issue affects ووسلام – همگام سازی ووکامرس و باسلام: from n/a through <= 1.9.1.
Explanation of Vulnerability in Simple Terms
02Summary
A cross-site request forgery (CSRF) vulnerability in Hamsalam's WooCommerce synchronization plugin allows an attacker to perform unauthorized actions on behalf of an authenticated site administrator. The vulnerability requires the admin to visit a malicious webpage while logged in. An attacker can modify plugin settings or trigger unintended operations without the admin's knowledge or consent.
What an attacker can do
03Attacker Capabilities
Perform unauthorized actions on the site by tricking an admin into visiting a malicious webpage.
Potential impact on your site
04Site Impact
Plugin settings could be changed or unintended operations triggered without your knowledge.
Conditions required to exploit
05Prerequisites
Site admin must be logged in and visit an attacker-controlled webpage.
Key dates
06Disclosure timeline
July 13, 2026
CVE published