WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site.
The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
Link | Tags |
---|---|
https://github.com/sayful1/carousel-slider | product release notes |
https://wordpress.org/plugins/carousel-slider/ | product |
https://jvn.jp/en/jp/JVN25264194/ | third party advisory |