Headline
CVE-2022-27847: WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import - Patchstack
Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates.
yoo-slider
Software
Yoo Slider
Vulnerable Versions
<= 2.0.0
Fixed in version
2.1.0
CVE
CVE-2022-27847
References
Credits
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Disclosure Date
2022-04-11
CVSS 3.0 score
Are your websites subject to this vulnerability?
Details
Cross-Site Request Forgery (CSRF) vulnerability leading to Template Import discovered by Ex.Mi (Patchstack) in WordPress Yoo Slider plugin (versions <= 2.0.0).
Solution
Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0).
Found a vulnerability that puts your sites at risk?
Found a vulnerability? Help us secure the web and join our community of ethical hackers.
Are you the developer of this software? Hire our researchers for a thorough security audit.