Headline
CVE-2022-25608: WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete - Patchstack
Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action.
yoo-slider
Software
Yoo Slider
Vulnerable Versions
<= 2.0.0
Fixed in version
2.1.0
CVE
CVE-2022-25608
References
Credits
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Disclosure Date
2022-03-21
CVSS 3.0 score
Are your websites subject to this vulnerability?
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Yoo Slider plugin (versions <= 2.0.0).
Solution
Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0).
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.