CVE-2024-45270: The WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability in the Hero image selection feature....

Description

The WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability in the Hero image selection feature. If a user accesses a crafted page while logged in to a WordPress site with the Carousel Slider plugin enabled, the user may be made to alter the contents of the WordPress site.

Classification

CVE ID: CVE-2024-45270

Problem Types

Cross-site request forgery (CSRF)

Affected Products

Vendor: Sayful Islam

Product: Carousel Slider

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 13.72% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-11 (date on which this score was calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: none

SSVC Technical Impact: partial

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-45270
https://github.com/sayful1/carousel-slider
https://wordpress.org/plugins/carousel-slider/
https://jvn.jp/en/jp/JVN25264194/

Timeline