CVE-2021-24742

Published: Nov 1, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Vendor	Product	Versions
Unknown	Logo Slider and Showcase	affected `1.3.37 - < 1.3.37`

Weaknesses (CWE)

CWE-863

References

https://wpscan.com/vulnerability/8dfc86e4-56a0-4e30-9050-cf3f328ff993

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2021-24742

Description

Affected Products

Weaknesses (CWE)

References