Cross-Site Request Forgery Vulnerability in Image Slider With Lightbox Plugin
CVE-2015-10130
Key Information:
- Vendor: WordPress
- CVE Published: 13 March 2024
What is CVE-2015-10130?
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because of inadequate nonce validation in the circle_thumbnail_slider_with_lightbox_image_management_func() function. The flaw allows unauthenticated attackers to edit image data through forged requests, which enables them to inject malicious JavaScript code, delete images, and upload harmful files. Attackers could use social engineering to trick a site administrator into performing such actions, further compromising the integrity of the site.

Affected Version(s)
Team Circle Image Slider With Lightbox 1.0