The aatmaadhikari Apa Banner Slider plugin version 1.0.0 and earlier is affected by a Cross-Site Request Forgery (CSRF) vulnerability that can be exploited remotely without privileges and requires user interaction. The CVSS vector indicates network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, high confidentiality impact, no integrity impact, and low availability impact. The description also references SQL Injection, but the primary documented vulnerability is CSRF. No official patch or fix is currently documented.

Successful exploitation of this vulnerability could allow an attacker to perform unauthorized actions on behalf of an authenticated user, potentially leading to confidentiality breaches. The CVSS score of 8.2 reflects a high impact on confidentiality and limited impact on availability. There is no indication of integrity impact. No known exploits are currently reported in the wild.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider disabling or removing the affected plugin or implementing additional CSRF protections at the application or server level. Monitor official vendor channels for updates.