Lucene search
WPScanCVELIST:CVE-2021-24730HistoryFeb 28, 2022 - 9:06 a.m.
CVE-2021-24730 Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
2022-02-2809:06:07
CWE-862
CWE-352
WPScan
www.cve.org
2
cve-2021-24730
logo showcase
slick slider
wordpress plugin
csrf
authorization checks
ajax action
subscriber
arbitrary media
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media.
CNA Affected
[
{
"product": "Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid",
"vendor": "Unknown",
"versions": [
{
"lessThan": "1.2.5",
"status": "affected",
"version": "1.2.5",
"versionType": "custom"
}
]
}
]Related
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
patchstack
patchstack
wpvulndb
wpvulndb
nvd
nvd
CVE-2021-24730
2022-02-28 09:15:07
wpexploit
wpexploit
cve
cve
CVE-2021-24730
2022-02-28 09:15:07