CVE-2016-20074
MEDIUM SEVERITYCVSS Score & Metrics
Base Score
4.3 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Description
WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-352
Source
NVD
Vendor
leethompson
Product
Lazy Content Slider Plugin
Discussion (0)
Add Comment
No comments yet. Be the first!