Lucene search

K
cve[email protected]CVE-2021-24913
HistoryFeb 28, 2022 - 9:15 a.m.

CVE-2021-24913

2022-02-2809:15:08
CWE-352
web.nvd.nist.gov
58
cve-2021-24913
logo showcase
slick slider
wordpress plugin
csrf
ajax
security vulnerability
nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.

Affected configurations

Vulners
NVD
Node
logo_slider_projectlogo_sliderRange<2.0.1
VendorProductVersionCPE
logo_slider_projectlogo_slider*cpe:2.3:a:logo_slider_project:logo_slider:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "2.0.1",
        "status": "affected",
        "version": "2.0.1",
        "versionType": "custom"
      }
    ]
  }
]

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

4.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

30.0%