CVE-2021-4424 - CERT CVE
ID CVE-2021-4424
Sažetak The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Reference
CVSS
Base: 4.3
Impact: 1.4
Exploitability:2.8
Pristup
VektorSloženostAutentikacija
NETWORK LOW -
Impact
PovjerljivostCjelovitostDostupnost
NONE LOW NONE
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Zadnje važnije ažuriranje 07-11-2023 - 03:40
Objavljeno 12-07-2023 - 07:15