CVE-2024-6490 — Cross-Site Request Forgery in Master Slider

CWE-352 — Cross-Site Request Forgery3 documents2 sources

Severity

6.5MEDIUMNVD

NVD4.3

EPSS

0.1%

top 68.49%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Averta Master Slider

Timeline

PublishedJul 26

Description

During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDaverta/master_slider< 3.10.0

🔴Vulnerability Details

GHSA

GHSA-p63w-qrj3-j2r5: During testing of the Master Slider WordPress plugin through 3↗2024-07-26

▶