To plugin page

Fixed

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

5.4

CVSS 3.1 score Medium severity

Monitoring Coming soon

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Yoo Slider

Type

Plugin

Vulnerable versions

<= 2.0.0

Fixed in

2.1.0

PSID

fd2829af4c74

CVE ID

CVE-2022-25608

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Required privilege

Credits

Ngo Van Thien (Alliance)

Publicly disclosed

2022-03-21

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Yoo Slider plugin (versions <= 2.0.0).

Solution

Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0).

References

CVE-2022-25608 Plugin changelog

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

Details

Solution

References

Other known vulnerabilities for Yoo Slider

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

Details

Solution

References

Other known vulnerabilities for Yoo Slider

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!