Vulnerability Details CVE-2022-2223
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This makes it possible for unauthenticated attackers to duplicate existing posts or pages, granted they can trick a site administrator into performing an action such as clicking on a link.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 37.7%
CVSS Severity
CVSS v3 Score 5.4
Products affected by CVE-2022-2223
- cpe:2.3:a:ghozylab:image_slider:1.0.0
- cpe:2.3:a:ghozylab:image_slider:1.0.1
- cpe:2.3:a:ghozylab:image_slider:1.0.3
- cpe:2.3:a:ghozylab:image_slider:1.0.5
- cpe:2.3:a:ghozylab:image_slider:1.0.7
- cpe:2.3:a:ghozylab:image_slider:1.0.9
- cpe:2.3:a:ghozylab:image_slider:1.1.0
- cpe:2.3:a:ghozylab:image_slider:1.1.1
- cpe:2.3:a:ghozylab:image_slider:1.1.10
- cpe:2.3:a:ghozylab:image_slider:1.1.100
- cpe:2.3:a:ghozylab:image_slider:1.1.101
- cpe:2.3:a:ghozylab:image_slider:1.1.103
- cpe:2.3:a:ghozylab:image_slider:1.1.105
- cpe:2.3:a:ghozylab:image_slider:1.1.107
- cpe:2.3:a:ghozylab:image_slider:1.1.109
- cpe:2.3:a:ghozylab:image_slider:1.1.11
- cpe:2.3:a:ghozylab:image_slider:1.1.110
- cpe:2.3:a:ghozylab:image_slider:1.1.111
- cpe:2.3:a:ghozylab:image_slider:1.1.113
- cpe:2.3:a:ghozylab:image_slider:1.1.115
- cpe:2.3:a:ghozylab:image_slider:1.1.117
- cpe:2.3:a:ghozylab:image_slider:1.1.119
- cpe:2.3:a:ghozylab:image_slider:1.1.121
- cpe:2.3:a:ghozylab:image_slider:1.1.13
- cpe:2.3:a:ghozylab:image_slider:1.1.15
- cpe:2.3:a:ghozylab:image_slider:1.1.17
- cpe:2.3:a:ghozylab:image_slider:1.1.19
- cpe:2.3:a:ghozylab:image_slider:1.1.21
- cpe:2.3:a:ghozylab:image_slider:1.1.23
- cpe:2.3:a:ghozylab:image_slider:1.1.25
- cpe:2.3:a:ghozylab:image_slider:1.1.27
- cpe:2.3:a:ghozylab:image_slider:1.1.29
- cpe:2.3:a:ghozylab:image_slider:1.1.3
- cpe:2.3:a:ghozylab:image_slider:1.1.30
- cpe:2.3:a:ghozylab:image_slider:1.1.31
- cpe:2.3:a:ghozylab:image_slider:1.1.33
- cpe:2.3:a:ghozylab:image_slider:1.1.35
- cpe:2.3:a:ghozylab:image_slider:1.1.37
- cpe:2.3:a:ghozylab:image_slider:1.1.39
- cpe:2.3:a:ghozylab:image_slider:1.1.41
- cpe:2.3:a:ghozylab:image_slider:1.1.43
- cpe:2.3:a:ghozylab:image_slider:1.1.45
- cpe:2.3:a:ghozylab:image_slider:1.1.47
- cpe:2.3:a:ghozylab:image_slider:1.1.49
- cpe:2.3:a:ghozylab:image_slider:1.1.5
- cpe:2.3:a:ghozylab:image_slider:1.1.50
- cpe:2.3:a:ghozylab:image_slider:1.1.51
- cpe:2.3:a:ghozylab:image_slider:1.1.53
- cpe:2.3:a:ghozylab:image_slider:1.1.55
- cpe:2.3:a:ghozylab:image_slider:1.1.57
- cpe:2.3:a:ghozylab:image_slider:1.1.59
- cpe:2.3:a:ghozylab:image_slider:1.1.61
- cpe:2.3:a:ghozylab:image_slider:1.1.63
- cpe:2.3:a:ghozylab:image_slider:1.1.65
- cpe:2.3:a:ghozylab:image_slider:1.1.67
- cpe:2.3:a:ghozylab:image_slider:1.1.69
- cpe:2.3:a:ghozylab:image_slider:1.1.7
- cpe:2.3:a:ghozylab:image_slider:1.1.70
- cpe:2.3:a:ghozylab:image_slider:1.1.71
- cpe:2.3:a:ghozylab:image_slider:1.1.73
- cpe:2.3:a:ghozylab:image_slider:1.1.75
- cpe:2.3:a:ghozylab:image_slider:1.1.77
- cpe:2.3:a:ghozylab:image_slider:1.1.79
- cpe:2.3:a:ghozylab:image_slider:1.1.81
- cpe:2.3:a:ghozylab:image_slider:1.1.83
- cpe:2.3:a:ghozylab:image_slider:1.1.85
- cpe:2.3:a:ghozylab:image_slider:1.1.87
- cpe:2.3:a:ghozylab:image_slider:1.1.89
- cpe:2.3:a:ghozylab:image_slider:1.1.9
- cpe:2.3:a:ghozylab:image_slider:1.1.90
- cpe:2.3:a:ghozylab:image_slider:1.1.91
- cpe:2.3:a:ghozylab:image_slider:1.1.93
- cpe:2.3:a:ghozylab:image_slider:1.1.95
- cpe:2.3:a:ghozylab:image_slider:1.1.97
- cpe:2.3:a:ghozylab:image_slider:1.1.99