Layer Slider 6.2.0 CSRF to XSS to SQLi with POC

LayerSlider v6.2.0 suffers from multiple vulnerabilities:

Cross-Site Request Forgery (CSRF)

The ls_save_screen_options function does not validate the request with a nonce.

    function ls_save_screen_options() {
        $_POST['options'] = !empty($_POST['options']) ? $_POST['options'] : array();
        update_option('ls-screen-options', $_POST['options']);
        die();
    }

This function is…
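For comparison with the handler quoted above, here is one way the same handler could be hardened. This is an added example, not LayerSlider's code and not the vendor's patch. The nonce action name, the `nonce` POST field, the `manage_options` capability and the `wp_ajax_ls_save_screen_options` hook name are assumptions chosen for illustration; only `ls-screen-options` and `$_POST['options']` come from the page.

```php
<?php
// Added example: hardened variant of ls_save_screen_options().
// Assumed names (not from LayerSlider): nonce action 'ls-save-screen-options',
// POST field 'nonce', capability 'manage_options', and the AJAX hook below.
// The admin page would emit the nonce with wp_create_nonce( 'ls-save-screen-options' ).

function ls_save_screen_options_hardened() {
    // Reject the request unless it carries a nonce minted for this action.
    // Third argument false: return false instead of dying, so we choose the response.
    if ( ! check_ajax_referer( 'ls-save-screen-options', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or missing nonce' ), 403 );
    }

    // A nonce ties the request to a user session; it does not prove privilege.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Accept only an array; anything else is stored as an empty array.
    $options = ( isset( $_POST['options'] ) && is_array( $_POST['options'] ) )
        ? wp_unslash( $_POST['options'] )
        : array();

    // Strip tags from every value before storing it, so the saved option
    // cannot carry markup into a page that later prints it.
    // map_deep() sanitizes values only; array keys are stored as submitted.
    $options = map_deep( $options, 'sanitize_text_field' );

    update_option( 'ls-screen-options', $options );
    wp_send_json_success();
}

// Registered for logged-in users only: no wp_ajax_nopriv_ counterpart.
add_action( 'wp_ajax_ls_save_screen_options', 'ls_save_screen_options_hardened' );
```

`wp_send_json_error()` and `wp_send_json_success()` end the request themselves, so the bare `die()` of the original is no longer needed.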