WordPress Plugin Vulnerabilities

Responsive Image Slider, Photo Gallery And Carousel < 1.3.2 - Slider Clone/Save/Delete via CSRF

Description

The plugin has a logic flaw in its CSRF checks in the sf_clone_slider, sf_save_slider and sf_remove_slider AJAX actions, which could allow an attacker to make a logged in user call them via a CSRF attack.

Proof of Concept

Affects Plugins

Plugin icon
slider-factory
Fixed in 1.3.2

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
5.4 (medium)

Miscellaneous

Original Researcher
WPScanTeam
Verified
Yes
WPVDB ID
ccd9db76-82dd-4151-b382-9663e96686ba

Timeline

Publicly Published
2021-10-18 (about 4 years ago)
Added
2021-10-18 (about 4 years ago)
Last Updated
2021-10-18 (about 4 years ago)

Other

Published
Title
Published
2025-09-22
Title
Auction Feed <= 1.1.3 - Cross-Site Request Forgery
Published
2023-06-13
Title
All Bootstrap Blocks < 1.3.7 - Cross-Site Request Forgery
Published
2020-10-14
Title
Live Chat - Live support < 3.2.0 - Cross-Site Request Forgery
Published
2023-11-08
Title
Quiz And Survey Master < 8.1.19 - Multiple Cross-Site Request Forgery
Published
2024-11-26
Title
WordPress Contact Forms by Cimatti < 1.9.3 - Cross-Site Request Forgery via process_bulk_action Function