PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-20074 leethompson CVE debrief

CVE-2016-20074 is a cross-site request forgery (CSRF) vulnerability in the WordPress Lazy Content Slider Plugin version 3.4. This vulnerability allows attackers to perform unauthorized actions by crafting malicious HTML forms, tricking authenticated administrators into submitting POST requests to the plugin settings page via lzcs_admin.php. This can lead to modifications of plugin configuration parameters such as lzcs_color and lzcs_count.

Vendor: leethompson
Product: Lazy Content Slider Plugin
CVSS: MEDIUM 5.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-15
Original CVE updated: 2026-06-15
Advisory published: 2026-06-15
Advisory updated: 2026-06-15

Who should care

Administrators and users of WordPress Lazy Content Slider Plugin version 3.4 should be aware of this vulnerability and take necessary actions to mitigate the risk.

Technical summary

The vulnerability has a CVSS score of 5.3 and a severity of MEDIUM. It is exploitable over the network (AV:N) with low attack complexity (AC:L). The vector records no user interaction (UI:N), although the attack described above depends on an authenticated administrator submitting the forged request. Successful exploitation lets an attacker modify plugin configuration parameters.

Defensive priority

MEDIUM

Recommended defensive actions

  • Update the WordPress Lazy Content Slider Plugin to a version that is not vulnerable.
  • Implement additional security measures to prevent CSRF attacks, such as validating user requests and using secure tokens.
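
The token-based mitigation in the second item, sketched as a WordPress settings handler that checks a nonce and the user's capability before writing anything. This is an added example, not the plugin's own code: the `lzcs_example_*` function names, the nonce action string, storage through `update_option()` and the hex-colour format are assumptions; only the parameter names `lzcs_color` and `lzcs_count` come from the advisory.

```php
<?php
// Added illustration, NOT the plugin's real code. Function names, the nonce
// action string and the use of update_option() are assumptions.

// Render the settings form with a per-user, per-action nonce embedded.
function lzcs_example_render_form() {
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'lzcs_example_save', 'lzcs_example_nonce' ); ?>
        <input type="text" name="lzcs_color"
               value="<?php echo esc_attr( get_option( 'lzcs_color', '' ) ); ?>">
        <input type="number" name="lzcs_count"
               value="<?php echo esc_attr( get_option( 'lzcs_count', 0 ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Process a submission. A forged cross-site POST carries the admin's cookies
// but cannot supply a valid nonce, so it is rejected before any write.
function lzcs_example_save_settings() {
    if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD']
        || ! isset( $_POST['lzcs_color'] ) ) {
        return; // Not a submission of this form.
    }
    // Authorization: only users allowed to manage options may change settings.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }
    // CSRF check: verifies $_POST['lzcs_example_nonce']; dies on failure.
    check_admin_referer( 'lzcs_example_save', 'lzcs_example_nonce' );

    // Validate values instead of storing raw request data.
    // Assumption: the colour setting is a hex colour such as #336699.
    $color = sanitize_hex_color( wp_unslash( $_POST['lzcs_color'] ) );
    if ( $color ) {
        update_option( 'lzcs_color', $color );
    }
    if ( isset( $_POST['lzcs_count'] ) ) {
        update_option( 'lzcs_count', absint( $_POST['lzcs_count'] ) );
    }
}
add_action( 'admin_init', 'lzcs_example_save_settings' );
```

When reviewing any plugin's settings handler, the absence of a `check_admin_referer()` or `wp_verify_nonce()` call before a state-changing write is the pattern to look for.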

Evidence notes

The vulnerability was reported by [email protected] and is referenced in the NVD database.

Official resources

CVE-2016-20074 was published on 2026-06-15T14:16:30.663Z and has not been modified since then.