CVE Catalog

CVE-2016-20074

MediumCVSS 4.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.11%

1th percentile — higher than 1% of all known CVEs

Summary

The WordPress Lazy Content Slider Plugin version 3.4 contains a cross-site request forgery (CSRF) vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms.

Risk Assessment

Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page, which may lead to unauthorized modification of plugin configuration parameters.

Recommendation

It is recommended to update the plugin to the latest version and implement CSRF protection mechanisms.

Original NVD description (English source)

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS