WordPress Carousel Slider Plugin CSRF Vulnerability (JVN#25264194)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability ID: JVN#25264194 2. Plugin Name: Carousel Slider 3. Plugin Provider: Sayful Islam 4. Affected Products: - Carousel Slider versions prior to 2.0 - Carousel Slider versions prior to 2.2.4 5. Vulnerability Type: Cross-site request forgery (CSRF) 6. Vulnerability Description: - Carousel image selection feature (CWE-352) - Hero image selection feature (CWE-352) 7. Impact: When logged into a WordPress site using the Carousel Slider plugin, visiting a crafted page may allow an attacker to tamper with website content. 8. Solution: Update the plugin to the latest version. 9. Vendor Status: - Sayful Islam - GitHub Carousel Slider - WordPress Carousel Slider 10. Reference Links: - JPCERT/CC Addendum - Vulnerability Analysis by JPCERT/CC 11. Credits: - RyotaK of Flatt Security Inc. reported this vulnerability - JPCERT/CC coordinated with the developer, Information Security Management Early Warning Partnership 12. Additional Information: - JPCERT Alert - JPCERT Reports - CERT Advisory - CPNI Advisory - TRnotes - CVE - JVN iPedia This information provides a detailed description of the vulnerability, its scope of impact, mitigation steps, and relevant references, aiding users in understanding and addressing the vulnerability.

Goal Reached Thanks to every supporter — we hit 100%!

WordPress Carousel Slider Plugin CSRF Vulnerability (JVN#25264194)