
Multiple WordPress Carousel Slider Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2024-45270 CVSS:4.3

The Carousel Slider plugin for WordPress is vulnerable to cross-site request forgery (CSRF), caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to alter the contents of the WordPress site. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.

CVE-2024-45269 CVSS:4.3

The Carousel Slider plugin for WordPress is vulnerable to cross-site request forgery (CSRF), caused by improper validation of user-supplied input. By persuading an authenticated user to visit a malicious website, a remote attacker could send a malformed HTTP request to alter the contents of the WordPress site. An attacker could exploit this vulnerability to perform cross-site scripting attacks, web cache poisoning, and other malicious activities.
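
A forged request of the kind described above is sent by the victim's browser but originates on another site, so in access logs it tends to appear as a state-changing admin request with a foreign or missing Referer. The following added example (not from the advisory or the plugin) flags such lines; the hostname, the `/wp-admin/` prefix, the restriction to POST and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

SITE_HOST = "blog.example.com"  # assumption: the WordPress site's own hostname
ADMIN_PREFIX = "/wp-admin/"     # assumption: state-changing actions live under wp-admin

# Combined Log Format: ip - user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def classify(line, site_host=SITE_HOST):
    """Return 'cross-site', 'no-referer', 'same-site', or None if not relevant."""
    m = LINE_RE.match(line)
    # Assumption: only POSTs are checked; GETs with foreign referers are mostly benign links.
    if not m or m["method"] != "POST" or not m["path"].startswith(ADMIN_PREFIX):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return "no-referer"  # Referer can be stripped, so review instead of trusting
    host = (urlsplit(referer).hostname or "").lower()
    # Exact host comparison: a prefix match would accept look-alike hostnames.
    return "same-site" if host == site_host.lower() else "cross-site"

def suspicious(lines, site_host=SITE_HOST):
    """Yield (verdict, line) for admin POSTs that did not provably start on the site."""
    for line in lines:
        verdict = classify(line, site_host)
        if verdict in ("cross-site", "no-referer"):
            yield verdict, line

# Constructed sample log lines (not from a real incident)
SAMPLE_LOG = [
    '203.0.113.7 - - [03/Sep/2024:10:01:12 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://blog.example.com/wp-admin/edit.php" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Sep/2024:10:04:40 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0 "https://promo.example.net/win.html" "Mozilla/5.0"',
    '203.0.113.7 - - [03/Sep/2024:10:05:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 17 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [03/Sep/2024:10:06:30 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 5120 "https://promo.example.net/" "Mozilla/5.0"',
    '198.51.100.9 - - [03/Sep/2024:10:07:00 +0000] "POST /wp-admin/options.php HTTP/1.1" 302 0 "https://blog.example.com.lookalike.example/x" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, line in suspicious(SAMPLE_LOG):
        print(f"{verdict:11} {line}")
```

A hit is a lead for review, not proof of exploitation: correlate it with the logged-in user's session and with content changes made at the same time.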

Impact

  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2024-45270
  • CVE-2024-45269

Affected Vendors

WordPress

Affected Products

  • Carousel Slider plugin for WordPress 2.2.0
  • Carousel Slider plugin for WordPress 1.10.2

Remediation

Upgrade to the latest version of Carousel Slider plugin for WordPress, available from the WordPress Plugin Directory.
