Cross-Site Request Forgery Vulnerability in Carousel Slider Plugin by Sayful Islam
CVE-2024-45270
4.3 MEDIUM
Summary
The Carousel Slider plugin developed by Sayful Islam for WordPress contains a cross-site request forgery (CSRF) vulnerability affecting the Hero image selection feature. An attacker can craft a malicious page that, when visited by a user who is logged in to a site with the plugin activated, can lead to unauthorized modifications of the WordPress site’s content. Users of the Carousel Slider plugin should be aware of this issue and implement the necessary security measures to safeguard their sites.
Affected Version(s)
Carousel Slider prior to 2.2.4
CVSS V3.1
Score: 4.3
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published