4.3
Lobot Slider Administrator plugin for WordPress allows unauthorized menu changes
CVE-2026-3331
Summary
The Lobot Slider Administrator plugin for WordPress does not properly protect its settings page against forged requests, so an attacker can trick an administrator into changing the plugin's configuration without their knowledge. To fix this, update to version 0.6.1 or later, or uninstall the plugin if it's not essential to your site.
Original title
The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the ...
Original description
The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.6.0. This is due to missing or incorrect nonce validation on the fourty_slider_options_page function. This makes it possible for unauthenticated attackers to modify plugin slider-page configuration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
NVD CVSS 3.1
4.3
Vulnerability type
CWE-352
Cross-Site Request Forgery (CSRF)
Published: 21 Mar 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026
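Added example (not the plugin's source and not from the advisory): what nonce validation on a WordPress settings-page handler looks like, with the unsafe pattern noted in a comment for contrast. The plugin, the `example_*` function names, the nonce action and the option key are all hypothetical.

```php
<?php
// Added illustration: hypothetical plugin, NOT the Lobot Slider Administrator source.
// Every example_* name and the option key below are assumptions.

add_action( 'admin_menu', function () {
    add_options_page( 'Example Slider', 'Example Slider', 'manage_options',
        'example-slider', 'example_slider_options_page' );
} );

// Unsafe pattern ("missing nonce validation"): saving as soon as $_POST carries
// the field, so any request sent with the admin's session cookies is accepted:
//     if ( isset( $_POST['example_slider_page'] ) ) { update_option( ... ); }

function example_slider_options_page() {
    // Authorization: only users who may manage options can view or save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.' ) );
    }

    if ( 'POST' === $_SERVER['REQUEST_METHOD'] && isset( $_POST['example_slider_page'] ) ) {
        // Intent check: stops the request unless it carries a valid nonce
        // issued to this user for this specific action.
        check_admin_referer( 'example_slider_save', 'example_slider_nonce' );

        // Validate the value before storing it.
        $page_id = absint( wp_unslash( $_POST['example_slider_page'] ) );
        update_option( 'example_slider_page', $page_id );
        echo '<div class="updated"><p>Settings saved.</p></div>';
    }

    $current = absint( get_option( 'example_slider_page', 0 ) );
    ?>
    <div class="wrap">
      <h1>Example Slider</h1>
      <form method="post">
        <?php wp_nonce_field( 'example_slider_save', 'example_slider_nonce' ); ?>
        <label>Slider page ID
          <input type="number" name="example_slider_page" value="<?php echo esc_attr( $current ); ?>">
        </label>
        <?php submit_button(); ?>
      </form>
    </div>
    <?php
}
```

The capability check and the nonce check answer different questions: `current_user_can()` confirms who is making the request, while `check_admin_referer()` confirms the request originated from the form this site rendered for that user.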