Recent Posts Slider <= 1.1 – Cross-Site Request Forgery | CVE 2023-35778

Affects Plugins

No known fix

References

CVE

CVE-2023-35778

URL

https://patchstack.com/database/vulnerability/recent-posts-slider/wordpress-recent-posts-slider-plugin-1-1-cross-site-request-forgery-csrf-vulnerability

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

CVSS

4.3 (medium)

Miscellaneous

Original Researcher

LEE SE HYOUNG

Verified

No

WPVDB ID

9f855848-b5a4-45b8-bbed-ef7380c0601c

Timeline

Publicly Published

2023-06-16 (about 2 years ago)

Added

2023-07-11 (about 2 years ago)

Last Updated

2023-07-11 (about 2 years ago)

Other

Published

Title

Published

2024-04-11

Title

Float menu < 6.0.1 - Menu Deletion via CSRF

Published

2026-02-13

Title

Grand Car Rental <= 3.6.9 - Cross-Site Request Forgery

Published

2025-05-30

Title

Real Time Validation for Gravity Forms <= 1.7.0 - Cross-Site Request Forgery

Published

2025-04-11

Title

Listings for Buildium < 0.1.6 - Stored XSS via CSRF

Published

2023-11-28

Title

Prevent Landscape Rotation < 2.1 - Settings Update via CSRF