CVE-2023-5945
Summary
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the video carousel slider with lightbox plugin for WordPress (version 1.0). This flaw stems from inadequate nonce validation in a specific function, allowing unauthenticated attackers to delete videos by tricking an administrator into clicking a malicious link.
IFF Assessment
The vulnerability allows unauthenticated attackers to delete content on a website without the administrator's explicit consent, posing a direct threat to site integrity and data.
Severity
Defender Context
This CSRF vulnerability highlights the ongoing risk posed by unpatched or outdated plugins in WordPress environments. Defenders should prioritize regular plugin updates and implement security measures to detect and prevent forged requests targeting administrative actions.
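The nonce validation whose absence the summary describes looks like this in a WordPress delete handler. This is an added example, not code from the affected plugin: every `myplugin_*` name, the `video_id` parameter, the table name and the `manage_options` capability are assumptions, and the code runs inside WordPress.

```php
<?php
// Added example: hypothetical plugin code, not the affected plugin's source.
// All myplugin_* identifiers, the table name and the capability are assumptions.

// Build the admin delete link with a nonce bound to this action and this video.
function myplugin_delete_link( $video_id ) {
    $video_id = absint( $video_id );
    $url      = add_query_arg(
        array(
            'action'   => 'myplugin_delete_video',
            'video_id' => $video_id,
        ),
        admin_url( 'admin-post.php' )
    );
    // Appends _wpnonce; the nonce is tied to the current user and session.
    return wp_nonce_url( $url, 'myplugin_delete_video_' . $video_id );
}

// Only the authenticated hook is registered (no admin_post_nopriv_ variant).
add_action( 'admin_post_myplugin_delete_video', 'myplugin_handle_delete_video' );

function myplugin_handle_delete_video() {
    $video_id = isset( $_REQUEST['video_id'] ) ? absint( $_REQUEST['video_id'] ) : 0;

    // 1. Authorization: the logged-in user must be allowed to manage the plugin.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF: check_admin_referer() stops the request when _wpnonce is
    //    missing, expired, or was issued for another action or video id.
    //    A forged cross-site request cannot supply a valid value.
    check_admin_referer( 'myplugin_delete_video_' . $video_id );

    // 3. Only now perform the state change, with a typed placeholder.
    if ( $video_id > 0 ) {
        global $wpdb;
        $wpdb->delete(
            $wpdb->prefix . 'myplugin_videos',
            array( 'id' => $video_id ),
            array( '%d' )
        );
    }

    wp_safe_redirect( admin_url( 'admin.php?page=myplugin-videos' ) );
    exit;
}
```

The capability check and the nonce check answer different questions (who is asking, and whether the request came from the site's own admin page), so a handler needs both.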