CVE-2016-20074 MEDIUM

CVE-2016-20074: WordPress Lazy Content Slider Plugin 3.4 CSRF

Vendor Leethompson

Product Lazy Content Slider Plugin

Weakness CWE-352 · CSRF

Published June 15, 2026

Last update June 15, 2026

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:L/SI:L/SA:L

What the vulnerability does

Description

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

Key dates

Disclosure timeline

June 15, 2026 CVE published

June 15, 2026 Record updated