WordPress Plugin Vulnerabilities

Thumbnail Slider With Lightbox < 1.0.1 - Image Lightboxes via CSRF

Description

The plugin does not have CSRF check when deleting image lightboxes, which could allow attackers to make logged in admins perform such action via a CSRF attack

Affects Plugins

Plugin icon
wp-responsive-slider-with-lightbox
Fixed in 1.0.1

References

CVE
CVE-2023-5531

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ala Arfaoui
Verified
No
WPVDB ID
2077aea9-0721-43e1-b0e1-0cb06f13554c

Timeline

Publicly Published
2023-10-11 (about 2 years ago)
Added
2023-10-12 (about 2 years ago)
Last Updated
2023-10-12 (about 2 years ago)

Other

Published
Title
Published
2025-01-24
Title
WP Fast Total Search < 1.79.262 - Cross-Site Request Forgery
Published
2023-07-10
Title
Custom Field Template < 2.5.9 - Cross-Site Request Forgery
Published
2023-07-26
Title
Update ands from Zip File <= 2.0.0 - CSRF
Published
2021-08-09
Title
WordPress Download Manager < 3.2.13 - Email Template Setting Update via CSRF
Published
2023-11-20
Title
Analytify Dashboard < 5.2.0 - Cross-Site Request Forgery