WordPress Plugin Vulnerabilities

Yoo Slider < 2.1.0 - Arbitrary Template Import via CSRF

Description

The plugin does not have CSRF check in place when importing template, which could allow attackers to make a logged in admin perform such action via a CSRF attack

Affects Plugins

Plugin icon
yoo-slider
Fixed in 2.1.0

References

CVE
CVE-2022-27847

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ex.Mi
Verified
No
WPVDB ID
4f2f6754-14b0-468c-abe3-3cebfa61d38c

Timeline

Publicly Published
2022-04-11 (about 4 years ago)
Added
2022-04-14 (about 4 years ago)
Last Updated
2022-04-18 (about 4 years ago)

Other

Published
Title
Published
2014-08-01
Title
Cool Video Gallery 1.8 - lib/core.php Multiple Actions CSRF
Published
2025-11-17
Title
Top Friends <= 0.3 - Cross-Site Request Forgery to Settings Update
Published
2025-01-16
Title
PayForm <= 2.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2017-07-25
Title
YouTube Embed <= 11.8.1 - Cross-Site Request Forgery (CSRF)
Published
2023-09-09
Title
ProfilePress < 4.13.2 Cross-Site Request Forgery via 'admin_notice'