JVN#25264194: Multiple vulnerabilities in WordPress plugin "Carousel Slider"

Published: 2024-08-30 00:00:00
Source: Japan Vulnerability Notes (jvn.jp)
Tags: wordpress, carousel slider, csrf, sayful islam, cve-2024-45269, cve-2024-45270, cross-site request forgery, update plugin

CVSS3: 4.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N)
  Attack Vector: NETWORK
  Attack Complexity: LOW
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: UNCHANGED
  Confidentiality Impact: NONE
  Integrity Impact: LOW
  Availability Impact: NONE

AI Score: 6.7 (Confidence: High)
EPSS: 0.001 (Percentile: 21.3%)

WordPress plugin “Carousel Slider” provided by Sayful Islam contains 2 CSRF vulnerabilities listed below.

  • Cross-site request forgery on Carousel image selection feature (CWE-352)
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
    CVE-2024-45269
  • Cross-site request forgery on Hero image selection feature (CWE-352)
    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N Base Score 4.3
    CVE-2024-45270

Impact

A user who is logged in to a WordPress site with the Carousel Slider plugin enabled and who visits a crafted page may be made to alter the contents of the WordPress site without intending to. Because the browser attaches the user's WordPress login cookies to the forged request, the change is performed with that user's privileges.
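To make the CWE-352 pattern above concrete, the following is an added example and is not code from Carousel Slider or from its developer. It shows a hypothetical WordPress admin-ajax handler that stores an image selected in the dashboard, first in the shape that is vulnerable to CSRF (the handler trusts any request that arrives with the victim's login cookies) and then hardened with a nonce check plus a capability check. Every hook, option, field and nonce-action name (`example_select_image`, `_example_image_id`, `exampleAdmin`, and so on) is an assumption made for illustration.

```php
<?php
/**
 * Added example (not Carousel Slider code): a WordPress admin-ajax handler that
 * saves an image selection, shown in a CSRF-vulnerable shape and then hardened.
 * All names below (example_* hooks, meta keys, nonce action) are hypothetical.
 */

// --- Vulnerable shape (CWE-352) -------------------------------------------
// Nothing here proves the request came from the plugin's own admin UI.  A
// crafted page can auto-submit a POST to /wp-admin/admin-ajax.php; the browser
// attaches the victim's login cookies and the write goes through as the victim.
function example_select_image_vulnerable() {
    $slide_id = isset( $_POST['slide_id'] ) ? absint( $_POST['slide_id'] ) : 0;
    $image_id = isset( $_POST['image_id'] ) ? absint( $_POST['image_id'] ) : 0;
    update_post_meta( $slide_id, '_example_image_id', $image_id );
    wp_send_json_success( array( 'image_id' => $image_id ) );
}
// add_action( 'wp_ajax_example_select_image', 'example_select_image_vulnerable' );

// --- Hardened shape ---------------------------------------------------------
// 1. Create a nonce bound to the current user and this action, and hand it to
//    the admin-side script so legitimate requests can include it.
function example_enqueue_admin_assets( $hook_suffix ) {
    if ( 'post.php' !== $hook_suffix && 'post-new.php' !== $hook_suffix ) {
        return;
    }
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAdmin', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'example_select_image' ),
    ) );
}
add_action( 'admin_enqueue_scripts', 'example_enqueue_admin_assets' );

// 2. Verify the nonce AND the capability before touching any data.
function example_select_image_hardened() {
    // Terminates the request when the 'nonce' field is missing, forged or
    // expired.  A cross-origin page cannot read the nonce out of the victim's
    // admin session, so a forged POST never reaches the write below.
    check_ajax_referer( 'example_select_image', 'nonce' );

    $slide_id = isset( $_POST['slide_id'] ) ? absint( $_POST['slide_id'] ) : 0;
    $image_id = isset( $_POST['image_id'] ) ? absint( $_POST['image_id'] ) : 0;

    // A nonce proves intent, not authorization: still check the capability.
    if ( ! $slide_id || ! current_user_can( 'edit_post', $slide_id ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // Accept only a real media attachment so the field cannot be pointed at
    // an arbitrary post ID.
    if ( $image_id && 'attachment' !== get_post_type( $image_id ) ) {
        wp_send_json_error( 'invalid image', 400 );
    }

    update_post_meta( $slide_id, '_example_image_id', $image_id );
    wp_send_json_success( array( 'image_id' => $image_id ) );
}
add_action( 'wp_ajax_example_select_image', 'example_select_image_hardened' );
```

The assumed `admin.js` posts `action=example_select_image`, `nonce=exampleAdmin.nonce`, `slide_id` and `image_id` to `exampleAdmin.ajaxUrl`. WordPress nonces are tied to the logged-in user and the action string and expire after at most 24 hours, which is what makes them unguessable from an attacker-controlled page; the capability check is kept separately because a valid nonce from a low-privileged user should still not be able to edit slides that user may not edit.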

Solution

Update the plugin
Update the plugin to the latest version according to the information provided by the developer.

Products Affected

CVE-2024-45269
  • Carousel Slider versions prior to 2.0

CVE-2024-45270
  • Carousel Slider versions prior to 2.2.4
