Lucene search

[email protected]NVD:CVE-2024-45269

HistorySep 02, 2024 - 12:15 a.m.

CVE-2024-45269

2024-09-0200:15:11

CWE-352

[email protected]

web.nvd.nist.gov

wordpress

carousel slider

sayful islam

cross-site request forgery

vulnerability

unauthorized alteration

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

WordPress plugin “Carousel Slider” provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

Affected configurations

Nvd

Node

majeedrazacarousel_sliderRange<2.0wordpress

VendorProductVersionCPE
majeedrazacarousel_slider*cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
majeedraza	carousel_slider	*	cpe:2.3:a:majeedraza:carousel_slider::::::wordpress::*

References

github.com/sayful1/carousel-slider

jvn.jp/en/jp/JVN25264194/

wordpress.org/plugins/carousel-slider/

CVSS3

4.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS

0.001

Percentile

21.3%

JSON

Related for NVD:CVE-2024-45269

vulnrichment1 cve1 cvelist1 osv1 jvn1 wordfence1