CVE-2023-6326

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-6326
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.3. This is due to missing or incorrect nonce validation on the 'process_bulk_action' function. This makes it possible for unauthenticated attackers to duplicate or delete arbitrary sliders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

5.4 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 2.5

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve Third Party Advisory
https://plugins.trac.wordpress.org/browser/master-slider/trunk/admin/includes/classes/class-msp-list-table.php Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/5e0a7108-15ef-42d0-adce-fd5b0e6faf3c?source=cve Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*
History

No history.

Information

Published : 2024-03-02 12:15

Updated : 2025-01-07 17:39

NVD link : CVE-2023-6326

Mitre link : CVE-2023-6326

CVE.ORG link : CVE-2023-6326

JSON object : View

Products Affected

averta

  • master_slider
CWE
CWE-352

Cross-Site Request Forgery (CSRF)