Vulnerability Description
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Infornweb | Logo Showcase With Slick Slider | < 2.0.1 |
Related Weaknesses (CWE)
References
- https://plugins.trac.wordpress.org/changeset/2669404Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/2f499945-1924-49f0-ad6e-9192273a5c05ExploitThird Party Advisory
- https://plugins.trac.wordpress.org/changeset/2669404Release NotesThird Party Advisory
- https://wpscan.com/vulnerability/2f499945-1924-49f0-ad6e-9192273a5c05ExploitThird Party Advisory
FAQ
What is CVE-2021-24913?
CVE-2021-24913 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, ch...
How severe is CVE-2021-24913?
CVE-2021-24913 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-24913?
Check the references section above for vendor advisories and patch information. Affected products include: Infornweb Logo Showcase With Slick Slider.