The Lobot Slider Administrator plugin for WordPress is vulnerable to Cross‑Site Request Forgery due to missing or incorrect nonce validation in the fourty_slider_options_page function. This flaw allows an unauthenticated attacker who can entice a site administrator into clicking a crafted link to modify the plugin’s slider‑page configuration without authorization. The possible impact includes unauthorized changes to how the slider displays or functions, which could alter the site’s appearance or lead to unauthorized content injection.

The vulnerability affects all installations of the Lobot Slider Administrator WordPress plugin with versions up to and including 0.6.0. Users who have not upgraded beyond version 0.6.0 are potentially exposed if a site administrator is targeted by a social‑engineering attack. The affected vendor is chuckmo, and the plugin name is Lobot Slider Administrator.

The CVSS base score of 4.3 indicates a medium severity rating. The exploit requires an attacker to get a site administrator to submit a forged request; therefore it is not a purely remote exploitation vector and no publicly disclosed exploits are available. The vulnerability is not in the CISA KEV catalog and there is no EPSS score. Because the attacker can potentially alter settings, the overall risk is moderate, but applying the vendor’s update immediately mitigates the issue.