CVE-2016-20074

WordPress Lazy Content Slider Plugin 3.4 CSRF

CVSS 5.3 MEDIUMEPSS 0.1%CWE-352

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

Affected products

leethompson · Lazy Content Slider Plugin

public PoCs found — 1

cve_referencewww.exploit-db.com/exploits/40070unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.exploit-db.com/exploits/40070 https://www.vulncheck.com/advisories/wordpress-lazy-content-slider-plugin-csrf