CVE-2024-6490

{"id": "CVE-2024-6490", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-07-26T06:15:02.927", "references": [{"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10."}, {"lang": "es", "value": "Durante las pruebas del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10, se encontr\u00f3 una vulnerabilidad CSRF, que permite a un usuario no autorizado manipular solicitudes en nombre de la v\u00edctima y, por lo tanto, eliminar todos los sliders dentro del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10."}], "lastModified": "2025-05-27T16:32:41.543", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "41F915A1-5F0D-4557-992C-21EC6C73BADD", "versionEndExcluding": "3.10.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}