ReportizFlow
Filtered by vendor Averta
Subscriptions
Filtered by product Slider And Popup Builder By Depicter
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-8383 | 2 Averta, Wordpress | 2 Slider And Popup Builder By Depicter, Wordpress | 2025-11-03 | 4.3 Medium |
| The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 4.0.4. This is due to missing or incorrect nonce validation on the depicter-document-rules-store function. This makes it possible for unauthenticated attackers to modify document rules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-4389 | 1 Averta | 7 Add Image Slider, Carousel Slider, Coupon Popup and 4 more | 2024-08-14 | 8.8 High |
| The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the uploadFile function in all versions up to, and including, 3.1.1. This makes it possible for authenticated attackers, with contributor access or higher, to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
Page 1 of 1.