Lucene search

WPScanCVE-2024-6490

HistoryJul 26, 2024 - 6:15 a.m.

CVE-2024-6490

2024-07-2606:15:02

WPScan

web.nvd.nist.gov

csrf

unauthorized user

slider deletion

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

9.4%

JSON

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.

Affected configurations

Vulners

Vulnrichment

Node

avertamaster_sliderRange≤3.9.10wordpress

VendorProductVersionCPE
avertamaster_slider*cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
averta	master_slider	*	cpe:2.3:a:averta:master_slider::::::wordpress::*

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "Master Slider",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThanOrEqual": "3.9.10"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

Percentile

9.4%

JSON

Related for CVE-2024-6490