{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-6490", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2024-07-03T18:50:28.337Z", "datePublished": "2024-07-26T06:00:04.555Z", "dateUpdated": "2024-08-01T21:41:03.422Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-07-26T06:00:04.555Z"}, "title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion", "problemTypes": [{"descriptions": [{"description": "CWE-352 Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Master Slider", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThanOrEqual": "3.9.10"}], "defaultStatus": "affected"}], "descriptions": [{"lang": "en", "value": "During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10."}], "references": [{"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Dmitrii Ignatyev", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"affected": [{"vendor": "averta", "product": "master_slider", "cpes": ["cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*"], "defaultStatus": "affected", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.9.10", "versionType": "semver"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-07-29T14:31:35.817615Z", "id": "CVE-2024-6490", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T14:33:55.817Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.422Z"}, "title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["exploit", "vdb-entry", "technical-description", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T21:41:03.422Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-6490", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-07-29T14:31:35.817615Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*"], "vendor": "averta", "product": "master_slider", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.9.10"}], "defaultStatus": "affected"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-29T14:32:58.145Z"}}], "cna": {"title": "Master Slider \u2013 Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Dmitrii Ignatyev"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Master Slider", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.9.10"}], "defaultStatus": "affected"}], "references": [{"url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2024-07-26T06:00:04.555Z"}}}, "cveMetadata": {"cveId": "CVE-2024-6490", "state": "PUBLISHED", "dateUpdated": "2024-08-01T21:41:03.422Z", "dateReserved": "2024-07-03T18:50:28.337Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2024-07-26T06:00:04.555Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "41F915A1-5F0D-4557-992C-21EC6C73BADD", "versionEndExcluding": "3.10.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "During testing of the Master Slider WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider WordPress plugin through 3.9.10."}, {"lang": "es", "value": "Durante las pruebas del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10, se encontr\u00f3 una vulnerabilidad CSRF, que permite a un usuario no autorizado manipular solicitudes en nombre de la v\u00edctima y, por lo tanto, eliminar todos los sliders dentro del complemento Master Slider de WordPress hasta la versi\u00f3n 3.9.10."}], "id": "CVE-2024-6490", "lastModified": "2025-05-27T16:32:41.543", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-07-26T06:15:02.927", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}