CVE-2022-2382

Name of the Vulnerable Software and Affected Versions Product Slider for WooCommerce WordPress plugin versions prior to 2.5.7

Description The issue concerns flawed CSRF checks and a lack of authorization in some AJAX actions of the plugin, allowing any authenticated users to call them. This could enable the deletion of arbitrary blog options by authenticated users, such as subscribers.

Recommendations For versions prior to 2.5.7, update to version 2.5.7 or later to resolve the issue. As a temporary workaround, consider restricting access to the AJAX actions until the update is applied.