Cross-Site Request Forgery Vulnerability in Carousel Slider Plugin by Sayful Islam
CVE-2024-45269
4.3 MEDIUM
Summary
The Carousel Slider plugin for WordPress, developed by Sayful Islam, contains a cross-site request forgery (CSRF) vulnerability in its carousel image selection feature. This flaw allows an attacker to craft a malicious webpage that, when accessed by a logged-in user of the WordPress site, could lead to unauthorized changes to the content. As a result, the integrity of the site and the user’s data can be compromised. Website administrators are encouraged to review their installations and apply necessary updates to mitigate this risk.
Affected Version(s)
Carousel Slider prior to 2.0
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published