Cross-Site Request Forgery Vulnerability in Image Slider With Lightbox Plugin
CVE-2015-10130
5.3 MEDIUM
Key Information:
- Vendor: WordPress
- CVE Published: 13 March 2024
Summary
The Team Circle Image Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because of inadequate nonce validation in the circle_thumbnail_slider_with_lightbox_image_management_func() function. Through forged requests, unauthenticated attackers can edit image data without authorization, which allows them to inject malicious JavaScript code, delete images, and upload harmful files. Attackers could use social engineering to trick site administrators into performing such actions, further compromising the integrity of the site.
Affected Version(s)
Team Circle Image Slider With Lightbox 1.0
CVSS V3.1
- Score: 5.3
- Severity: MEDIUM
- Confidentiality: None
- Integrity: Low
- Availability: None
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Ala Arfaoui