Depicter Slider < 3.5.0 – Missing Authorization | CVE 2024-47359 | Plugin Vulnerabilities

Description

The Slider & Popup Builder by Depicter – Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.2. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Fixed in 3.5.0

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/2d9f9774-e45d-4b69-80e0-dce1e7c0ea78

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Rafie Muhammad

Verified

No

WPVDB ID

0dd84808-8499-4719-ac2b-5d6d8e85de4e

Timeline

Publicly Published

2024-09-30 (about 1 year ago)

Added

2024-10-10 (about 1 year ago)

Last Updated

2024-10-10 (about 1 year ago)

Other

Published

Title

Published

2026-01-21

Title

Travel < 11.1.1 - Missing Authorization

Published

2024-04-16

Title

EleForms – All In One Form Integration including DB for Elementor < 2.9.9.8 - Missing Authorization to Sensitive Information Exposure

Published

2024-01-05

Title

Google Analytics by Monster Insights < 8.22.0 - Missing Authorization

Published

2025-08-22

Title

Acclectic Media Organizer <= 1.4 - Missing Authorization

Published

2025-09-22

Title

Team Manager <= 2.5.1 - Missing Authorization