CVE-2023-37992 - Cross-Site Request Forgery (CSRF) in Smarty for WordPress Plugin (<= 3.1.35) Explained
WordPress is hands down the most popular CMS out there, which makes it an attractive target for attackers. The plugin ecosystem brings huge power to
CVE-2023-41661 - Authenticated Stored XSS in Smarty for WordPress Plugin (<= 3.1.35) — Exploit Analysis & Demo
---
Introduction
WordPress plugins help extend websites with new features. But sometimes, poorly handled features can open doors for attackers — even admins themselves can be