Medium severity6.5NVD Advisory· Published Jun 20, 2024· Updated Apr 8, 2026

CVE-2024-4390

Description

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.

Affected products

Depicter/Depicter
cpe:2.3:a:depicter:depicter:*:*:*:*:*:wordpress:*:*
Range: <3.1.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.wordfence.com/threat-intel/vulnerabilities/id/dd7c3a5d-b8aa-45cb-983c-55ba7e3d72f3nvdThird Party Advisory
plugins.trac.wordpress.org/browser/depicter/trunk/app/src/Controllers/Ajax/SecurityAjaxController.phpnvdProduct
plugins.trac.wordpress.org/changesetnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000