What is the severity of CVE-2022-2223?

CVE-2022-2223 is classified as a medium severity vulnerability due to its potential for exploitation by unauthenticated attackers.

How do I fix CVE-2022-2223?

To fix CVE-2022-2223, update the Image Slider plugin to version 1.1.122 or later, where the vulnerability has been addressed.

Who is affected by CVE-2022-2223?

CVE-2022-2223 affects all WordPress sites using the Image Slider plugin version 1.1.121 and earlier.

What type of vulnerability is CVE-2022-2223?

CVE-2022-2223 is a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized actions against the WordPress site.

Can CVE-2022-2223 be exploited remotely?

Yes, CVE-2022-2223 can be exploited remotely by attackers to duplicate posts without requiring authentication.

Vulnerability/
CVE-2022-2223

medium

5.4

CWE

352

18/7/2022

3/8/2024

CVE-2022-2223: CSRF

First published: Mon Jul 18 2022(Updated: )

The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewic_duplicate_slider. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link.

Credit: security@wordfence.com security@wordfence.com

Affected Software	Affected Version	How to fix
GhozyLab Image Slider Widget	<=1.1.121

Remedy

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2749352%40image-slider-widget&new=2749352%40image-slider-widget&sfp_email=&sfph_mail=

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2022-2223?
CVE-2022-2223 is classified as a medium severity vulnerability due to its potential for exploitation by unauthenticated attackers.
How do I fix CVE-2022-2223?
To fix CVE-2022-2223, update the Image Slider plugin to version 1.1.122 or later, where the vulnerability has been addressed.
Who is affected by CVE-2022-2223?
CVE-2022-2223 affects all WordPress sites using the Image Slider plugin version 1.1.121 and earlier.
What type of vulnerability is CVE-2022-2223?
CVE-2022-2223 is a Cross-Site Request Forgery (CSRF) vulnerability that allows unauthorized actions against the WordPress site.
Can CVE-2022-2223 be exploited remotely?
Yes, CVE-2022-2223 can be exploited remotely by attackers to duplicate posts without requiring authentication.

agent/author
agent/type
agent/event
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/remedy
agent/severity
agent/last-modified-date
agent/weakness
agent/references
agent/description
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
agent/tags
agent/softwarecombine
agent/source
vendor/ghozylab
canonical/ghozylab image slider widget
version/ghozylab image slider widget/1.1.121

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.