CVE-2016-20074

Description

WordPress Lazy Content Slider Plugin 3.4 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by crafting malicious HTML forms. Attackers can trick authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php to modify plugin configuration parameters like lzcs_color and lzcs_count.

PUBLISHED Reserved 2026-06-15 | Published 2026-06-15 | Updated 2026-06-15 | Assigner VulnCheck

Problem types

Cross-Site Request Forgery (CSRF)

Product status

Credits

Persian Hack Team finder

References

www.exploit-db.com/exploits/40070 (ExploitDB-40070) exploit

www.vulncheck.com/...rdpress-lazy-content-slider-plugin-csrf (VulnCheck Advisory: WordPress Lazy Content Slider Plugin 3.4 CSRF) third-party-advisory

cve.org (CVE-2016-20074)

nvd.nist.gov (CVE-2016-20074)

Download JSON