This vulnerability affects the OTWthemes Popping Sidebars and Widgets Light WordPress plugin up to version 1.27. It involves a Cross-Site Request Forgery (CSRF) flaw that can be exploited to perform unauthorized actions when a user interacts with a crafted request. Additionally, the vulnerability allows reflected Cross-Site Scripting (XSS), which can lead to client-side script execution. The CVSS 3.1 base score is 7.1, reflecting network attack vector, low attack complexity, no privileges required, user interaction required, scope changed, and low impact on confidentiality, integrity, and availability.

Successful exploitation could allow an attacker to trick authenticated users into performing unintended actions on the affected plugin, potentially leading to unauthorized changes or information disclosure via reflected XSS. The combined CSRF and XSS issues increase the risk of session hijacking or other client-side attacks. However, there are no known exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Since no official patch or fix information is provided, users should monitor for updates from OTWthemes and apply any released patches promptly. Until a fix is available, consider disabling or limiting the use of the affected plugin to reduce exposure.