PatchSiren cyber security CVE debrief
CVE-2022-44630 YITH CVE debrief
A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the YITH WooCommerce Product Slider Carousel plugin. This issue, identified as CVE-2022-44630, affects the plugin from its inception up to version 1.16.0. The vulnerability has a CVSS score of 4.6, indicating a medium severity level. The CVSS vector is CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N, which suggests that the vulnerability can be exploited over the network with low privileges and requires user interaction.
- Vendor
- YITH
- Product
- YITH WooCommerce Product Slider Carousel
- CVSS
- MEDIUM 4.6
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-11
- Original CVE updated
- 2026-06-11
- Advisory published
- 2026-06-11
- Advisory updated
- 2026-06-11
Who should care
Administrators and users of the YITH WooCommerce Product Slider Carousel plugin, especially those using versions up to 1.16.0, should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The CVE-2022-44630 vulnerability is categorized under CWE-352, Cross-Site Request Forgery. This type of vulnerability occurs when an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to.
Defensive priority
MEDIUM
Recommended defensive actions
- Update the YITH WooCommerce Product Slider Carousel plugin to a version beyond 1.16.0, if available.
- Implement CSRF protection mechanisms if updating is not feasible.
- Monitor the plugin's official website or trusted sources like Patchstack for updates and patches.
Evidence notes
The information provided is based on data from official sources, including CVE.org and the National Vulnerability Database (NVD).
Official resources
-
CVE-2022-44630 CVE record
CVE.org
-
CVE-2022-44630 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2022-44630 was published on 2026-06-11T10:16:20.870Z and modified on 2026-06-11T14:42:47.007Z.