Description
WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel is prone to a cross-site request forgery vulnerability. Exploiting this issue may allow a remote attacker to perform certain administrative actions and gain unauthorized access to the affected application; other attacks are also possible. WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel version 1.3.1 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.2 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:CCD9DB76-82DD-4151-B382-9663E96686BA
https://plugins.svn.wordpress.org/slider-factory/trunk/readme.txt
Related Vulnerabilities
WordPress Plugin Joy Of Text Lite-SMS messaging for WordPress SQL Injection (2.3.0)
WordPress Plugin NextGEN Gallery-WordPress Gallery 'Gallery Path' Field Cross-Site Scripting (1.9.5)
WordPress Plugin AMP for WP-Accelerated Mobile Pages Multiple Unspecified Vulnerabilities (0.9.72)
Apache Tomcat Session Fixation Vulnerability (CVE-2019-17563)
WordPress Plugin Awesome Support-WordPress HelpDesk & Support Cross-Site Scripting (5.8.0)