Description

WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently view the content and title of arbitrary posts. WordPress Plugin Responsive Image Slider, Photo Gallery And Carousel version 1.3.5 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.3.6 or latest

References

https://sploitus.com/exploit?id=WPEX-ID:B7697900-C80C-4035-9E2B-AA9A9EC80765

https://plugins.svn.wordpress.org/slider-factory/trunk/readme.txt

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2014-0207)

Elgg Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6563)

WordPress Plugin Add Link to Facebook Multiple Cross-Site Scripting Vulnerabilities (1.215)

WordPress Plugin Inline Tweet Sharer-Twitter Sharing Cross-Site Scripting (2.5.3)

WordPress Plugin Broadcast Live Video-Live Streaming:HTML5, WebRTC, HLS, RTSP, RTMP Multiple Vulnerabilities (4.27.4)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Authentication Bypass