Cross-Site Request Forgery Vulnerability in Thumbnail Slider With Lightbox for WordPress
CVE-2023-5820

8.8HIGH

Key Information:

Vendor: Wordpress
Status: Thumbnail Slider With Lightbox
Vendor: CVE Published:; 27 October 2023

Summary

The Thumbnail Slider With Lightbox plugin for WordPress contains a vulnerability that arises from inadequate nonce validation on its add/edit functionality. This flaw allows unauthenticated attackers to exploit the system by tricking legitimate site administrators into executing actions they did not intend, such as clicking on malicious links. Successfully exploiting this vulnerability could lead to unauthorized file uploads on affected WordPress sites, compromising their integrity and security.

Affected Version(s)

Thumbnail Slider With Lightbox 1.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/wp-responsive-slider-with-l...

https://plugins.trac.wordpress.org/changeset?sfp_email=&s...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Oct 27, 2023
Vulnerability Reserved
Oct 26, 2023

Credit

Ala Arfaoui