Lucene search

Apple502jPATCHSTACK:B1E509897ECD2760B930162BFBD6E47C

HistoryOct 24, 2021 - 12:00 a.m.

WordPress Logo Showcase with Slick Slider plugin <= 1.2.4 - Arbitrary Media Title/Description/Alt Text/URL Update vulnerability

2021-10-2400:00:00

apple502j

patchstack.com

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

JSON

Arbitrary Media Title/Description/Alt Text/URL Update vulnerability discovered by apple502j in WordPress Logo Showcase with Slick Slider plugin (versions <= 1.2.4).

Solution

           Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version (at least 1.2.5).

CPENameOperatorVersion
logo showcase with slick sliderle1.2.4

CPE	Name	Operator	Version
	logo showcase with slick slider	le	1.2.4

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24730

wordpress.org/plugins/logo-showcase-with-slick-slider/#developers

wpscan.com/vulnerability/d5534ff9-c4af-46b7-8852-0f3dfd644855

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

JSON

Related for PATCHSTACK:B1E509897ECD2760B930162BFBD6E47C