CVE-2023-6326

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Mar 2, 2024

Updated: Jan 7, 2025

CWE ID 352

Summary

CVE-2023-6326 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Master Slider – Responsive Touch Slider plugin for WordPress. Versions up to 3.9.3 are impacted. This issue arises due to insufficient nonce validation on the 'process_bulk_action' function. An attacker can exploit this flaw by tricking a site administrator into clicking a malicious link, enabling them to duplicate or delete arbitrary sliders without authentication. This vulnerability poses a significant security risk and requires immediate patching.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Averta Master Slider

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tlbdvA
https://www.cve.org/CVERecord?id=CVE-2023-6326
https://nvd.nist.gov/vuln/detail/CVE-2023-6326

Back to Vulnerability Database

CVE-2023-6326

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations