CVE-2022-29439: WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability - Patchstack
A Cross-Site Request Forgery (CSRF) vulnerability in the Image Slider by NextCode plugin <= 1.1.2 for WordPress allows deleting slides.
Not fixed
CVSS 3.1 score: 5.4 (Medium severity)
Software: Image Slider by NextCode
Vulnerable versions: <= 1.1.2
PSID: 8f6d0a17dc52
Classification: Cross Site Request Forgery (CSRF)
OWASP Top 10: A5: Broken Access Control
Publicly disclosed: 2022-05-26
Details
A Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Ngo Van Thien (Patchstack Alliance) in the WordPress Image Slider by NextCode plugin (versions <= 1.1.2).
Solution
Deactivate and delete the plugin. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.
References
CVE-2022-29439
Plugin page