CVE-2016-20074

MEDIUM 4.3

WordPress Lazy Content Slider Plugin 3.4 CSRF

CVSS Score

4.3

EPSS Score

0.0%

EPSS Percentile

0th

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

CWE	CWE-352
Vendor	leethompson
Product	lazy content slider plugin
Published	Jun 15, 2026

Stay Ahead of the Next One

Get instant alerts for leethompson lazy content slider plugin

Be the first to know when new medium vulnerabilities affecting leethompson lazy content slider plugin are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

Affected Versions

leethompson / Lazy Content Slider Plugin

3.4

References

NVD ↗ CVE.org ↗ EPSS Data ↗

exploit-db.com: https://www.exploit-db.com/exploits/40070 vulncheck.com: https://www.vulncheck.com/advisories/wordpress-lazy-content-slider-plugin-csrf

Credits

Persian Hack Team