Arbitrary Nonce Generation Vulnerability Affects Depicter Slider and Carousel Plugin for WordPress

CVE-2024-4390

6.5MEDIUM

Key Information

Vendor: Averta
Status: Slider & Popup Builder By Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel
Vendor: Published:; 20 June 2024

Summary

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.

Affected Version(s)

Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel <= 3.0.2

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Timeline

Vulnerability published.
Jun 20, 2024
Disclosed
Jun 19, 2024
Vulnerability Reserved.
May 1, 2024

Collectors

NVD DatabaseMitre Database

Credit

Arkadiusz Hydzik