Headline
CVE-2022-29437: WordPress Image Slider by NextCode plugin <= 1.1.2 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities - Patchstack
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in the WordPress plugin Image Slider by NextCode, versions <= 1.1.2.
Not fixed
CVSS 3.1 score
5.4 (Medium severity)
Software
Image Slider by NextCode
Vulnerable versions
<= 1.1.2
PSID
298a34c5dadc
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-05-26
Details
Multiple Cross-Site Request Forgery (CSRF) vulnerabilities were discovered by BEE-K (Patchstack) in the WordPress Image Slider by NextCode plugin (versions <= 1.1.2).
Solution
Deactivate and delete the plugin. It has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.
References
CVE-2022-29437
Plugin page