The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Configurations
History
07 Jan 2025, 17:39
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve - Third Party Advisory |
07 Jan 2025, 16:35
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-352 | |
| CPE | cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:* | |
| First Time |
Averta
Averta master Slider |
|
| References | () https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php - Product | |
| References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve - Vendor Advisory |
Information
Published : 2024-03-02 12:15
Updated : 2025-01-07 17:39
NVD link : CVE-2023-6326
Mitre link : CVE-2023-6326
CVE.ORG link : CVE-2023-6326
JSON object : View
Products Affected
averta
- master_slider
CWE
CWE-352
Cross-Site Request Forgery (CSRF)