PT-2025-36192 · WordPress · Popping Sidebars/Widgets Light

Nguyen Xuan Chien

·

Published

2025-09-05

·

Updated

2025-09-05

·

CVE-2025-58853

Report an issue
CVSS v3.1
7.1
VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions:

OTWthemes Popping Sidebars and Widgets Light versions through 1.27

Description:

A Cross-Site Request Forgery (CSRF) vulnerability exists in OTWthemes Popping Sidebars and Widgets Light, which also allows Reflected Cross-Site Scripting (XSS).

Recommendations:

Update OTWthemes Popping Sidebars and Widgets Light to a version later than 1.27.

Fix

CSRF

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-58853

Affected Products

Popping Sidebars/Widgets Light