CVE-2023-23671

7.1 HIGH

📋 TL;DR

This CSRF vulnerability in the Muneeb Layer Slider WordPress plugin lets an attacker forge requests on behalf of an authenticated administrator. A malicious page visited by a logged-in administrator can cause posts or pages to be deleted without that administrator's knowledge; the attacker needs no credentials of their own. WordPress sites running a vulnerable version of the plugin are affected.

💻 Affected Systems

Products:
  • Muneeb Layer Slider WordPress Plugin
Versions: <= 1.1.9.7
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects WordPress installations with the vulnerable plugin activated. The forged request runs with the privileges of the logged-in administrator (the victim); the attacker does not need an account on the site.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete website defacement or destruction through mass deletion of posts, pages, and content, potentially requiring full restoration from backups.

🟠 Likely Case

Targeted deletion of specific posts or pages by attackers who craft malicious links sent to administrators via phishing.

🟢 If Mitigated

No impact once the plugin is updated to a fixed version, or if the delete action verifies a CSRF token (a WordPress nonce), or if administrators do not visit untrusted sites while logged in to wp-admin.

🌐 Internet-Facing: HIGH
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The attacker needs no account on the site. Exploitation requires luring an authenticated administrator to a page the attacker controls (a phishing link, a comment, an embedded iframe), which then submits the forged delete request from the administrator's own browser. CSRF is well understood and trivial to weaponize once the vulnerable request is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.1.9.8 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/slider-slideshow/wordpress-layer-slider-plugin-1-1-9-6-cross-site-request-forgery-csrf-leading-to-post-page-deletion-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Layer Slider' plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download the latest version from the WordPress plugin repository and update manually.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Temporarily disable the vulnerable plugin until patched:

wp plugin deactivate slider-slideshow

Implement CSRF Protection (platform: all)

Add nonce verification to the plugin's delete handler via custom code. WordPress ships its own CSRF token mechanism (wp_nonce_field() on the form, check_admin_referer() or wp_verify_nonce() in the handler), so no custom token scheme is needed. Edits to plugin files are overwritten by the next update and are a stopgap only; updating to 1.1.9.8 is the real fix.
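The nonce pattern described above, as an added illustration in PHP. This is not code from the Layer Slider plugin: the hook name, action string, page slug and request parameter names are hypothetical. It shows a minimal admin delete handler in the CSRF-prone shape next to the hardened one, plus the form that mints the token.

```php
<?php
/*
 * Added illustration of WordPress's built-in CSRF protection (nonces).
 * This is NOT code from the Layer Slider plugin: the hook, the action string,
 * the page slug and the request parameter names are hypothetical.
 */

/* ---- CSRF-prone shape ----------------------------------------------------
 * Any request that reaches this handler while the victim is logged in deletes
 * the post. Nothing ties the request to a form the user actually submitted,
 * so a third-party page can issue it with a hidden auto-submitting form.
 * (Shown for contrast; not hooked anywhere.)
 */
function example_slider_delete_vulnerable() {
    if ( ! isset( $_REQUEST['post_id'] ) ) {
        return;
    }
    wp_delete_post( (int) $_REQUEST['post_id'], true ); // no nonce, no capability check
    wp_safe_redirect( admin_url( 'admin.php?page=example-slider' ) );
    exit;
}

/* ---- Hardened shape ------------------------------------------------------
 * 1. check_admin_referer() verifies the nonce that wp_nonce_field() put in
 *    the form. The nonce is derived from the user, their session token, the
 *    action string and a time tick; another origin cannot read it, so a
 *    forged request dies here on WordPress's "link has expired" 403 page.
 * 2. current_user_can() checks that this user may delete *this* post. A nonce
 *    proves intent, not authorisation, so both checks are needed.
 * 3. Only POST is accepted, which rules out <img>/link-based triggering; the
 *    nonce is what stops an auto-submitting cross-site form.
 */
function example_slider_delete_hardened() {
    if ( 'POST' !== ( $_SERVER['REQUEST_METHOD'] ?? '' ) || ! isset( $_POST['post_id'] ) ) {
        return;
    }
    $post_id = absint( $_POST['post_id'] );

    // Bind the nonce to the post id so a token minted for one delete form
    // cannot be replayed against a different post.
    check_admin_referer( 'example_slider_delete_' . $post_id, '_wpnonce' );

    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_die( esc_html__( 'You are not allowed to delete this item.', 'example-slider' ), 403 );
    }

    wp_delete_post( $post_id, true );
    wp_safe_redirect( admin_url( 'admin.php?page=example-slider&deleted=1' ) );
    exit;
}
add_action( 'admin_post_example_slider_delete', 'example_slider_delete_hardened' );

/* The matching form. wp_nonce_field() emits the hidden _wpnonce input (and a
 * _wp_http_referer field) that check_admin_referer() above expects. For a
 * GET-style "Delete" link, build it with wp_nonce_url() using the same action
 * string and verify it with the same check_admin_referer() call.
 */
function example_slider_render_delete_form( int $post_id ): void {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="example_slider_delete">
        <input type="hidden" name="post_id" value="<?php echo esc_attr( $post_id ); ?>">
        <?php wp_nonce_field( 'example_slider_delete_' . $post_id, '_wpnonce' ); ?>
        <?php submit_button( __( 'Delete', 'example-slider' ), 'delete', 'submit', false ); ?>
    </form>
    <?php
}
```

The common mistake this guards against is emitting a nonce in the form but never verifying it in the handler; the token does nothing unless check_admin_referer() (or wp_verify_nonce()) runs before the destructive call. The nonce is also not a substitute for the capability check: it only proves the request came from a form WordPress rendered for that user.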

🧯 If You Can't Patch

  • Deactivate the plugin; it is the only workaround that actually removes the vulnerable code path.
  • Restricting administrator access to trusted networks does not stop CSRF: the forged request is sent by the administrator's own browser from inside whatever network they are allowed on. It only narrows who can be targeted.
  • A Content Security Policy on the WordPress site does not block this either: CSP constrains what a page may load, not who may send requests to the server, and the attacker's page sets its own policy. Controls that do help are a SameSite=Strict attribute on the WordPress auth cookies (wordpress_logged_in_* and wordpress_*), set via a plugin or at the reverse proxy (note this logs admins out of links followed from external sites such as e-mail), and a reverse-proxy or WAF rule that rejects requests to the plugin's admin endpoints whose Origin or Referer is not the site's own origin.

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel, go to Plugins > Installed Plugins and read the Layer Slider version number; any version up to and including 1.1.9.7 is vulnerable.

Check Version:

wp plugin get slider-slideshow --field=version

Verify Fix Applied:

Verify plugin version is 1.1.9.8 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Requests to WordPress admin endpoints (e.g. /wp-admin/admin-ajax.php or the plugin's own admin page) carrying a delete action, particularly where the Referer/Origin header is missing or belongs to another host
  • Multiple page/post deletions in short timeframes from same admin user

Network Indicators:

  • Cross-origin requests to WordPress admin endpoints from unexpected domains

SIEM Query (illustrative; field names depend on how your web-server or WordPress audit logs are ingested):

source="wordpress.log" AND (action="delete_post" OR action="trash_post") AND referer NOT CONTAINS "yourdomain.com"

Also alert on delete actions with no Referer at all; depending on how your SIEM treats null fields, the NOT CONTAINS clause above may or may not catch them.
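Detection logic for the log indicators above, as an added example (a PHP command-line script, not code from this page or the plugin). The log lines, the site host and the action=delete_slide parameter are constructed placeholders; the plugin's real request parameters are not given here. It parses combined-format access log lines and flags wp-admin delete/trash requests whose Referer is absent or belongs to another host.

```php
<?php
/*
 * Added example (not from this page or the plugin): scan combined-format
 * access logs for wp-admin delete requests whose Referer is missing or points
 * at another site, which is what a CSRF-triggered request looks like.
 * The log lines, the site host and the "action=delete_slide" parameter are
 * constructed placeholders; the plugin's real request parameters are not
 * given on this page.
 */

const SITE_HOST = 'blog.example.test';

// Apache/nginx "combined" log format.
const LOG_RE = '/^(?<ip>\S+) \S+ \S+ \[(?<ts>[^\]]+)\] '
             . '"(?<method>[A-Z]+) (?<path>\S+) [^"]*" (?<status>\d{3}) \S+ '
             . '"(?<referer>[^"]*)" "(?<ua>[^"]*)"$/';

function parse_log_line( string $line ): ?array {
    return preg_match( LOG_RE, $line, $m ) === 1 ? $m : null;
}

/**
 * True when the request targets a wp-admin endpoint with a delete/trash style
 * action and did not originate from a page on our own site.
 */
function is_cross_origin_delete( array $req, string $site_host = SITE_HOST ): bool {
    if ( strpos( $req['path'], '/wp-admin/' ) !== 0 ) {
        return false;
    }
    parse_str( (string) parse_url( $req['path'], PHP_URL_QUERY ), $params );
    $action = strtolower( (string) ( $params['action'] ?? '' ) );
    if ( ! preg_match( '/delete|trash|remove/', $action ) ) {
        return false;
    }
    $referer = $req['referer'];
    if ( $referer === '' || $referer === '-' ) {
        // Admin forms submitted from our own pages normally carry a Referer;
        // none at all on a delete is worth a look (a strict Referrer-Policy
        // on the admin pages would also produce this, so tune for your site).
        return true;
    }
    $host = strtolower( (string) parse_url( $referer, PHP_URL_HOST ) );
    return $host !== strtolower( $site_host );
}

function scan( array $lines ): array {
    $hits = [];
    foreach ( $lines as $line ) {
        $req = parse_log_line( $line );
        if ( $req !== null && is_cross_origin_delete( $req ) ) {
            $hits[] = $req;
        }
    }
    return $hits;
}

// Constructed sample: one legitimate deletion, two forged ones, one unrelated hit.
$sample_log = [
    '203.0.113.10 - - [12/Mar/2023:10:14:02 +0000] "POST /wp-admin/admin.php?page=example-slider&action=delete_slide&id=7 HTTP/1.1" 302 0 "https://blog.example.test/wp-admin/admin.php?page=example-slider" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2023:10:21:45 +0000] "GET /wp-admin/admin.php?page=example-slider&action=delete_slide&id=8 HTTP/1.1" 302 0 "https://attacker.example/free-themes.html" "Mozilla/5.0"',
    '203.0.113.10 - - [12/Mar/2023:10:21:46 +0000] "GET /wp-admin/admin.php?page=example-slider&action=delete_slide&id=9 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2023:10:22:10 +0000] "GET /2023/03/hello-world/ HTTP/1.1" 200 5120 "https://www.google.com/" "Mozilla/5.0"',
];

// Scan a real log when a path is given, otherwise the constructed sample.
$lines = isset( $argv[1] )
    ? file( $argv[1], FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES )
    : $sample_log;

foreach ( scan( $lines ) as $hit ) {
    printf( "%s %s %s %s referer=%s\n", $hit['ts'], $hit['ip'], $hit['method'], $hit['path'], $hit['referer'] );
}
```

Run it as `php scan.php /var/log/nginx/access.log`; with no argument it scans the constructed sample, reporting the id=8 and id=9 requests and nothing else. One limitation to keep in mind: if the plugin's delete is a POST to admin-ajax.php with the action in the request body, the access log shows only the path and this filter sees no action parameter. For that shape, log at the application layer instead (for example a must-use plugin hooking before_delete_post or wp_trash_post that records the user, client IP, request method and Referer), and feed those records to the SIEM query above.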
