Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

depicter

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

4
Related CVEsRelated VendorsRelated AssignersReports
4Vulnerabilities found
CVE-2024-47359
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 35.01%
||
7 Day CHG~0.00%
Published-01 Nov, 2024 | 14:17
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter plugin <= 3.2.2 - Broken Access Control vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in averta Depicter Slider depicter.This issue affects Depicter Slider: from n/a through <= 3.2.2.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter Sliderdepicter_slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-37414
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 25.82%
||
7 Day CHG~0.00%
Published-22 Jul, 2024 | 08:38
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter Slider plugin <= 3.0.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Stored XSS.This issue affects Depicter Slider: from n/a through 3.0.2.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter Slider
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-4390
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-6.5||MEDIUM
EPSS-0.39% / 60.20%
||
7 Day CHG~0.00%
Published-20 Jun, 2024 | 03:37
Updated-08 Apr, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Depicter <= 3.0.2 - Authenticated (Contributor+) Arbitrary Nonce Generation

The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Arbitrary Nonce Generation in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers with contributor access and above, to generate a valid nonce for any WordPress action/function. This could be used to invoke functionality that is protected only by nonce checks.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter — Popup & Slider Builder
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-51491
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-5.4||MEDIUM
EPSS-0.04% / 11.89%
||
7 Day CHG~0.00%
Published-16 Mar, 2024 | 00:59
Updated-28 Apr, 2026 | 16:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Depicter Slider plugin <= 2.0.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Averta Depicter Slider.This issue affects Depicter Slider: from n/a through 2.0.6.

Action-Not Available
Vendor-Depicter (Averta)
Product-depicterDepicter Slider
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)