WordPress Plugin Vulnerabilities

Layer Slider <= 1.1.9.7 - Cross-Site Request Forgery

Description

The plugin does not adequately protect against Cross-Site Request Forgery (CSRF) attacks.

Affects Plugins

Plugin icon
slider-slideshow
No known fix

References

CVE
CVE-2023-23671
URL
https://patchstack.com/database/vulnerability/slider-slideshow/wordpress-layer-slider-plugin-1-1-9-6-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
7.1 (high)

Miscellaneous

Original Researcher
Rafshanzani Suhada
Verified
No
WPVDB ID
7b9d675b-02f7-45b3-be39-ef5b612d5320

Timeline

Publicly Published
2023-04-19 (about 3 years ago)
Added
2023-07-11 (about 2 years ago)
Last Updated
2023-07-11 (about 2 years ago)

Other

Published
Title
Published
2025-05-16
Title
Element Pack Pro < 8.0.0 - Cross-Site Request Forgery
Published
2023-09-13
Title
10Web Map Builder for Google Maps < 1.0.74 - Cross-Site Request Forgery to Notice Dismissal
Published
2025-01-24
Title
Radius Blocks < 2.2.0 - Cross-Site Request Forgery
Published
2022-05-26
Title
Image Slider by NextCode <= 1.1.2 - Arbitrary Slide Deletion via CSRF
Published
2014-08-01
Title
Nightlife by Templatic - CSRF File Upload