Home Embedded Vulns General Vulns

CVE-2016-20074

MEDIUM 4.3

Our Analysis: General Purpose

Our model has classified this vulnerability as relevant to General Purpose Systems, helping your team prioritize efforts effectively.

Published Date June 15, 2026
Last Modified June 15, 2026
CVSS Vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Description

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

Potentially Affected Vendors