Source: NVD
ID: NVD:CVE-2024-45270
Date: Sep 02, 2024 - 12:15 a.m.

CVE-2024-45270

2024-09-02 00:15:11
CWE-352
web.nvd.nist.gov
Tags: sayful islam, wordpress, carousel slider, cross-site request forgery, csrf, vulnerability

CVSS3: 4.3

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

EPSS: 0.001
Percentile: 21.3%

The WordPress plugin “Carousel Slider” provided by Sayful Islam contains a cross-site request forgery vulnerability in the Hero image selection feature. While logged in to a WordPress site with the Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.

Affected configurations

Source: Nvd

Node:
Vendor: majeedraza
Product: carousel_slider
Range: <2.2.4
Target software: wordpress

Vendor: majeedraza
Product: carousel_slider
Version: *
CPE: cpe:2.3:a:majeedraza:carousel_slider:*:*:*:*:*:wordpress:*:*
