WordPress Plugin Vulnerabilities

Yoo Slider < 2.1.0 - Arbitrary Slider Duplication/Deletion via CSRF

Description

The plugin does not have CSRF in place when duplicating and deleting sliders, which could allow attackers to make logged in users perform such actions

Affects Plugins

Plugin icon
yoo-slider
Fixed in 2.1.0

References

CVE
CVE-2022-25608

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
Ngo Van Thien
Verified
No
WPVDB ID
b5d1ea40-8d07-47f1-8103-cef6534f35de

Timeline

Publicly Published
2022-03-21 (about 4 years ago)
Added
2022-03-24 (about 4 years ago)
Last Updated
2022-04-11 (about 4 years ago)

Other

Published
Title
Published
2024-08-16
Title
Bricks < 1.8.2 - Cross-Site Request Forgery via reset_settings
Published
2025-05-19
Title
Affiliates Manager Google reCAPTCHA Integration < 1.0.7 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-11-28
Title
SVGator – Add Animated SVG Easily < 1.2.5 - API Token Update/Deletion & Import Projects via CSRF
Published
2026-03-10
Title
Modular Connector < 2.6.0 - Cross-Site Request Forgery via postConfirmOauth
Published
2026-02-08
Title
Lemmony < 1.7.1 - Cross-Site Request Forgery