QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2021-24730

Back to search

CVE-2021-24730

Published: Feb 28, 2022

Modified: Aug 3, 2024

PUBLISHED

Description

The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media.

VendorProductVersions

Unknown

Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid

affected
1.2.5 - < 1.2.5

Weaknesses (CWE)

CWE-862
CWE-352

References

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now