Loading market data...
← Back to CVE feed

CVE-2016-20074

MEDIUM CVSS 4.3 View on NVD ↗

Description

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Published: Jun 15, 2026 14:16 UTC Modified: Jun 15, 2026 20:50 UTC