Lucene search

Ngo Van Thien (Alliance project)PATCHSTACK:3F44AC96B35D96347D2F555267CF1A74

HistoryMay 26, 2022 - 12:00 a.m.

WordPress Image Slider by NextCode plugin <= 1.1.2 - Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability

2022-05-2600:00:00

Ngo Van Thien (Alliance project)

patchstack.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Slider Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Image Slider by NextCode plugin (versions <= 1.1.2).

Solution

Deactivate and delete. This plugin has been closed as of May 20, 2022 and is not available for download. This closure is temporary, pending a full review.

CPENameOperatorVersion
image slider by nextcodele1.1.2

CPE	Name	Operator	Version
	image slider by nextcode	le	1.1.2

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29439

wordpress.org/plugins/baslider/

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

JSON

Related for PATCHSTACK:3F44AC96B35D96347D2F555267CF1A74