Description
Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light (sidebar-manager-light) allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through <= 1.18.
Published: 2025-05-07
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a CSRF flaw in the OTWthemes Sidebar Manager Light plugin. An attacker can trick an authenticated user into sending a forged request that causes the plugin to perform unintended actions, such as modifying sidebar content or deleting content. This flaw allows an attacker to abuse the user’s privileges without their knowledge, potentially compromising the confidentiality, integrity, or availability of the site. The weakness corresponds to CWE‑352.

Affected Systems

This issue affects the OTWthemes Sidebar Manager Light WordPress plugin, with versions from the initial release through 1.18. Users running any of those releases are vulnerable if the plugin remains activated. No additional vendor products or versions are listed in the current data.

Risk and Exploitability

The CVSS score of 4.3 places the vulnerability at the low end of the Medium severity band, and an EPSS score below 1% indicates a very low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. An attacker would need to lure a logged-in user into interacting with a malicious site or data feed, so the risk depends on user behavior and site exposure. Because exploitation requires a victim's authenticated session, the threat is less severe than high-risk remote code execution but still warrants remediation.

Generated by OpenCVE AI on April 30, 2026 at 13:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OTWthemes Sidebar Manager Light to at least version 1.19 or the latest release provided by the vendor
  • If an upgrade cannot be performed immediately, disable or restrict the plugin or remove its CSRF‑vulnerable functions from the site
  • Deploy a web application firewall or WordPress security plugin that detects and blocks CSRF attempts targeting plugin endpoints
  • Inform users of the risk and consider disabling the plugin until a patch is available


Advisories
Source: EUVD
ID: EUVD-2025-13745
Title: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18.
History

Thu, 23 Apr 2026 15:00:00 +0000

  Metrics (cvssV3_1): {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

  Description
    Removed: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18.
    Added: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light sidebar-manager-light allows Cross Site Request Forgery.This issue affects Sidebar Manager Light: from n/a through <= 1.18.
  Title
    Removed: WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
    Added: WordPress Sidebar Manager Light plugin <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
  References: updated
  Metrics (cvssV3_1): {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


Mon, 14 Jul 2025 13:45:00 +0000

  Metrics (epss)
    Removed: {'score': 0.00017}
    Added: {'score': 0.0002}


Wed, 07 May 2025 19:15:00 +0000

  Metrics (ssvc): {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 07 May 2025 14:45:00 +0000

  Description: Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Sidebar Manager Light allows Cross Site Request Forgery. This issue affects Sidebar Manager Light: from n/a through 1.18.
  Title: WordPress Sidebar Manager Light <= 1.18 - Cross Site Request Forgery (CSRF) Vulnerability
  Weaknesses: CWE-352
  References: added
  Metrics (cvssV3_1): {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:47.936Z

Reserved: 2025-05-07T10:45:13.129Z

Link: CVE-2025-47647

Vulnrichment

Updated: 2025-05-07T17:19:15.295Z

NVD

Status: Deferred

Published: 2025-05-07T15:16:17.460

Modified: 2026-04-23T15:30:40.333

Link: CVE-2025-47647

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T13:15:37Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)