{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2024-6490","assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","state":"PUBLISHED","assignerShortName":"WPScan","dateReserved":"2024-07-03T18:50:28.337Z","datePublished":"2024-07-26T06:00:04.555Z","dateUpdated":"2024-08-01T21:41:03.422Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2024-07-26T06:00:04.555Z"},"title":"Master Slider – Responsive Touch Slider <= 3.9.10 - CSRF to slider deletion","problemTypes":[{"descriptions":[{"description":"CWE-352 Cross-Site Request Forgery (CSRF)","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"Master Slider","versions":[{"status":"affected","versionType":"semver","version":"0","lessThanOrEqual":"3.9.10"}],"defaultStatus":"affected"}],"descriptions":[{"lang":"en","value":"During testing of the Master Slider  WordPress plugin through 3.9.10, a CSRF vulnerability was found, which allows an unauthorized user to manipulate requests on behalf of the victim and thereby delete all of the sliders inside Master Slider  WordPress plugin through 3.9.10."}],"references":[{"url":"https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Dmitrii Ignatyev","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"affected":[{"vendor":"averta","product":"master_slider","cpes":["cpe:2.3:a:averta:master_slider:*:*:*:*:*:wordpress:*:*"],"defaultStatus":"affected","versions":[{"version":"0","status":"affected","lessThanOrEqual":"3.9.10","versionType":"semver"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":6.5,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N","integrityImpact":"HIGH","userInteraction":"REQUIRED","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-07-29T14:31:35.817615Z","id":"CVE-2024-6490","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-07-29T14:33:55.817Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-01T21:41:03.422Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/5a56e5aa-841d-4be5-84da-4c3b7602f053/","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]}}