CVE-2023-5945: 
WordPress vulnerability analysis and mitigation

The video carousel slider with lightbox plugin version 1.0 for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability. The issue was discovered and disclosed on November 2, 2023, affecting the responsivevideogallerywithlightboxvideomanagement_func() function due to missing or incorrect nonce validation (NVD).

The vulnerability stems from improper security controls in the video management functionality. The CVSS v3.1 base score is 5.4 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L according to NVD assessment. Wordfence assigned a slightly lower CVSS score of 4.3 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N (NVD).

The vulnerability allows unauthenticated attackers to delete videos from the video slider by tricking site administrators into performing specific actions, such as clicking on malicious links. This can result in unauthorized content removal and potential disruption of the website's video gallery functionality (NVD).

A patch has been released in version 1.0.1 of the plugin that addresses the CSRF vulnerability by implementing proper nonce validation. Site administrators are advised to update to the latest version (WordPress Plugin).