WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF)
CVE-2023-37992

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Smarty For WordPress
Vendor: CVE Published:; 3 October 2023

Summary

A cross-site request forgery (CSRF) vulnerability has been identified in the Smarty for WordPress plugin developed by PressPage Entertainment Inc. This issue affects versions 3.1.35 and earlier, allowing attackers to perform unauthorized actions on behalf of users without their knowledge, potentially compromising user accounts and sensitive information. Timely patching is essential to mitigate the risks associated with this vulnerability.

Affected Version(s)

Smarty for WordPress <= 3.1.35

References

https://patchstack.com/database/vulnerability/smarty-for-...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 3, 2023
Vulnerability Reserved
Jul 11, 2023

Credit

Prasanna V Balaji (Patchstack Alliance)