Cross-Site Request Forgery Vulnerability in Thumbnail Slider With Lightbox for WordPress
CVE-2023-5820

9.6CRITICAL

Key Information:

Vendor: WordPress
Status: Thumbnail Slider With Lightbox
Vendor: CVE Published:; 27 October 2023

What is CVE-2023-5820?

The Thumbnail Slider With Lightbox plugin for WordPress contains a vulnerability that arises from inadequate nonce validation on its add/edit functionality. This flaw allows unauthenticated attackers to exploit the system by tricking legitimate site administrators into executing actions they did not intend, such as clicking on malicious links. Successfully exploiting this vulnerability could lead to unauthorized file uploads on affected WordPress sites, compromising their integrity and security.

Affected Version(s)

Thumbnail Slider With Lightbox 1.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wp-responsive-slider-with-l...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

9.6

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 26, 2023

Credit

Ala Arfaoui