WordPress Plugin Vulnerabilities

Smart App Banner < 1.1.3 - Cross-Site Request Forgery (CSRF)

Description

The plugin does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in user to submit a crafted request.

Affects Plugins

Plugin icon
smart-app-banner
Fixed in 1.1.3

References

CVE
CVE-2023-33315
URL
https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/smart-app-banner/smart-app-banner-112-cross-site-request-forgery-via-wsl-smart-app-banner-options
URL
https://patchstack.com/database/vulnerability/smart-app-banner/wordpress-smart-app-banner-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Yuki Haruma
Verified
No
WPVDB ID
986ae113-1228-4573-a0d2-746d5844a232

Timeline

Publicly Published
2023-05-21 (about 2 years ago)
Added
2023-05-29 (about 2 years ago)
Last Updated
2023-05-29 (about 2 years ago)

Other

Published
Title
Published
2025-04-17
Title
Advanced Dynamic Pricing for WooCommerce < 4.9.5 - Cross-Site Request Forgery to Settings Update
Published
2024-10-15
Title
File Manager Pro < 8.3.10 - Cross-Site Request Forgery to Arbitrary File Upload
Published
2024-09-25
Title
Use Any Font < 6.3.09 - Cross-Site Request Forgery
Published
2025-06-27
Title
Relocate Upload <= 0.24.1 - Cross-Site Request Forgery
Published
2021-07-05
Title
Flash Games <= 2.2 - CSRF Bypass