EUVD-2024-44023

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Depicter plugin for WordPress vulnerable to Arbitrary Nonce Generation allowing unauthorized actions

Reporter	Title	Published	Views	Family All 9
CNNVD	WordPress Plugin Slider and Carousel slider by Depicter Security Vulnerability	20 Jun 202400:00	–	cnnvd
CVE	CVE-2024-4390	20 Jun 202403:37	–	cve
Cvelist	CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation	20 Jun 202403:37	–	cvelist
NVD	CVE-2024-4390	20 Jun 202404:15	–	nvd
Patchstack	WordPress Depicter Slider Plugin <= 3.0.2 is vulnerable to Broken Access Control	19 Jun 202400:00	–	patchstack
Patchstack	WordPress Depicter plugin <= 3.0.2 - Authenticated Arbitrary Nonce Generation vulnerability	19 Jun 202417:16	–	patchstack
RedhatCVE	CVE-2024-4390	23 May 202509:25	–	redhatcve
Vulnrichment	CVE-2024-4390 Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation	20 Jun 202403:37	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)	27 Jun 202415:00	–	wordfence

[
  {
    "enisaIdVendor": [
      {
        "id": "38174aef-3586-383d-9488-6956affadd8a",
        "vendor": {
          "name": "Averta"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "1e0945ce-dc6b-389d-b4dc-3e0f8647647a",
        "product": {
          "name": "Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel"
        },
        "product_version": "* ≤3.0.2"
      }
    ]
  }
]

Source	Link
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3
plugins	www.plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/SecurityAjaxController.php
plugins	www.plugins.trac.wordpress.org/changeset

03 Oct 2025 20:07Current

6.6Medium risk

Vulners AI Score6.6

CVSS 3.16.5

EPSS0.00514

SSVC