Arbitrary Nonce Generation Vulnerability Affects Depicter Slider and Carousel Plugin for WordPress
CVE-2024-4390
6.5MEDIUM
Key Information
- Vendor
- Averta
- Status
- Slider & Popup Builder By Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
- Vendor
- Published:
- 20 June 2024
Summary
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.
Affected Version(s)
Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.0.2
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Timeline
Vulnerability published.
Disclosed
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
Arkadiusz Hydzik