Cross-Site Request Forgery Vulnerability in Master Slider Plugin
CVE-2023-6326

4.3 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 2 March 2024

Badges

📰 News Worthy

Summary

The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Version(s)

Master Slider – Responsive Touch Slider * <= 3.9.5

News Articles

CVE-2023-6326 | Master Slider Plugin up to 3.9.5 on WordPress process_bulk_action cross-site request forgery – Annanowa


8 months ago

References

CVSS V3.1

Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 📰 First article discovered by www.annanowa.com

  • Vulnerability published

  • Vulnerability Reserved

Credit

Rafshanzani Suhada