WordPress Plugin Vulnerabilities

Image Slider < 1.1.123 - Arbitrary Post Duplication via CSRF

Description

The plugin does not have CSRF check in place when duplicating a post or page, which could allow attackers to make a logged in a admin duplicate them via a CSRF attack

Affects Plugins

Plugin icon
image-slider-widget
Fixed in 1.1.123

References

CVE
CVE-2022-2223

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Marco Wotschka
Verified
Yes
WPVDB ID
4045ea54-c25f-4c0b-83f0-d48bb965a330

Timeline

Publicly Published
2022-06-30 (about 3 years ago)
Added
2022-06-30 (about 3 years ago)
Last Updated
2023-04-06 (about 2 years ago)

Other

Published
Title
Published
2021-10-04
Title
BP Better Messages < 1.9.9.41 - Multiple CSRF
Published
2023-06-26
Title
WooCommerce Ship to Multiple Addresses < 3.8.6 - Billing Address Update via CSRF
Published
2024-04-22
Title
Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction < 2.11.1 - Cross-Site Request Forgery to Notice Dismissal
Published
2025-03-24
Title
EZ SQL Reports Shortcode Widget and DB Backup 4.11.13 - 5.25.08 - Cross-Site Request Forgery to Remote Code Execution
Published
2024-06-21
Title
Newspack Newsletters < 2.13.3 - Cross-Site Request Forgery