WordPress Plugin Vulnerabilities

Image Slider by NextCode <= 1.1.2 - Arbitrary Slide Deletion via CSRF

Description

The plugin does not have CSRF in place when deleting slides, allowing attackers to make a logged in admin perform such action via a CSRF attack

Affects Plugins

Plugin icon
baslider
No known fix

References

CVE
CVE-2022-29439

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
7da9387a-1fcf-420d-94dc-9063d07a92a1

Timeline

Publicly Published
2022-05-26 (about 3 years ago)
Added
2022-06-16 (about 3 years ago)
Last Updated
2023-03-19 (about 3 years ago)

Other

Published
Title
Published
2023-01-04
Title
My Calendar < 3.3.25 - Event/Location Deletion via CSRF
Published
2025-04-09
Title
User Registration Using Contact Form 7 < 2.5 - Cross-Site Request Forgery
Published
2026-04-07
Title
Simple Social Media Share Buttons – Social Sharing for Everyone < 6.2.1 - Cross-Site Request Forgery
Published
2023-11-16
Title
Arigato Autoresponder and Newsletter < 2.7.2.3 - CSRF
Published
2022-05-23
Title
Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF