1 results (0.002 seconds)
CVSS: 5.4EPSS: %CPEs: 1EXPL: 0
CVSS: 5.4EPSS: %CPEs: 1EXPL: 0CVE-2023-25703 – Meta Slider and Carousel with Lightbox <= 1.6.2 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2023-25703
The Meta Slider and Carousel with Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.2. This is due to missing or incorrect nonce validation on the 'wp_igsp_get_attachment_edit_form' and 'wp_igsp_save_attachment_data' functions. This makes it possible for unauthenticated attackers to modify attachment data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •