CVE-2024-45269: WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection...
Description
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
Classification
CVE ID: CVE-2024-45269
Problem Types
Cross-site request forgery (CSRF)Affected Products
Vendor: Sayful Islam
Product: Carousel Slider
Exploit Prediction Scoring System (EPSS)
EPSS Score: 0.09% (probability of being exploited)
EPSS Percentile: 22.46% (scored less or equal to compared to others)
EPSS Date: 2025-04-11 (when was this score calculated)
Stakeholder-Specific Vulnerability Categorization (SSVC)
SSVC Exploitation: none
SSVC Technical Impact: partial
SSVC Automatable: false
References
https://nvd.nist.gov/vuln/detail/CVE-2024-45269https://github.com/sayful1/carousel-slider
https://wordpress.org/plugins/carousel-slider/
https://jvn.jp/en/jp/JVN25264194/