Sep 02, 2024 - 12:15 a.m.

CVE-2024-45270

2024-09-02 00:15:11
CWE-352
jpcert
web.nvd.nist.gov
Tags: wordpress, carousel slider, sayful islam, cross-site request forgery, hero image, vulnerability, crafted page, user alteration

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

AI Score: 6.5
Confidence: High

EPSS: 0.001
Percentile: 21.3%

The WordPress plugin “Carousel Slider” provided by Sayful Islam contains a cross-site request forgery vulnerability in the Hero image selection feature. While logged in to a WordPress site with the Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

Affected configurations

Nvd
Node: majeedraza | carousel_slider | Range <2.2.4 | wordpress

Vulners
Vendor: majeedraza
Product: carousel_slider
Version: *
CPE: cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*

CNA Affected

[
  {
    "vendor": "Sayful Islam",
    "product": "Carousel Slider",
    "versions": [
      {
        "version": "prior to 2.2.4",
        "status": "affected"
      }
    ]
  }
]
