To plugin page

Fixed

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

5.4

CVSS 3.1 score Medium severity

Report

Monitoring Not reported to be exploited

Find out about vulnerable plugins in your websites for free.

Scan your website

Software

Yoo Slider

Type

Plugin

Vulnerable versions

<= 2.0.0

Fixed in

2.1.0

PSID

fd2829af4c74

CVE ID

CVE-2022-25608

Classification

Cross Site Request Forgery (CSRF)

OWASP Top 10

A5: Broken Access Control

Required privilege

Credits

Ngo Van Thien (Alliance)

Publicly disclosed

2022-03-21

Details

Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Yoo Slider plugin (versions <= 2.0.0).

Solution

Update the WordPress Yoo Slider plugin to the latest available version (at least 2.1.0).

References

CVE-2022-25608 Plugin changelog

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

Details

Solution

References

Other known vulnerabilities for Yoo Slider

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

WordPress Yoo Slider plugin <= 2.0.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to slider Duplicate/Delete

Details

Solution

References

Other known vulnerabilities for Yoo Slider

Submit vulnerabilities and become a verified Alliance member

All solutions

WordPress security

Patchstack

Social

All solutions

WordPress Security

Patchstack

Social

© 2022 Patchstack

Let us know if we have missed a vulnerability reported elsewhere

Thank you for contributing!