31 matches found
WordPress Logo Showcase – Responsive Logo Carousel, Logo Slider & Logo Grid plugin <= 3.2.7 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin Logo Showcase with Slick Slider versions <= 3.2.7...
WordPress WP Slick Slider and Image Carousel plugin <= 3.7.8.1 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin WP Slick Slider and Image Carousel versions <= 3.7.8.1...
EUVD-2023-53760
Malicious code in bioql PyPI...
CVE-2023-49852
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4...
CVE-2023-49852 WordPress Responsive Slick Slider WordPress plugin <= 1.4 - Content Injection vulnerability
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Vsourz Digital Responsive Slick Slider WordPress allows Code Injection. This issue affects Responsive Slick Slider WordPress: from n/a through 1.4...
WordPress WP Slick Slider and Image Carousel Plugin <= 3.5 is vulnerable to Broken Access Control
Software: WP Slick Slider and Image Carousel; Type: Plugin; Vulnerable versions: <= 3.5; Fixed in: 3.6; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-40200; Patch priority: Medium; CVSS severity: Medium 5.3; PSID: 4e3994072e72; Credits: Abdi...
WordPress Logo Showcase with Slick Slider Plugin <= 3.2.0 is vulnerable to Cross Site Scripting (XSS)
Software: Logo Showcase with Slick Slider; Type: Plugin; Vulnerable versions: <= 3.2.0; Fixed in: 3.2.1; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: d01735b38aab; Credits: Rafie Muhammad...
WordPress Slick Slider plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress Slick Slider plugin prior to 2.0.1, which stems...
CVE-2021-24913
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media...
CVE-2021-24730
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...
CVE-2021-24913
The CVE-2021-24913 entry concerns the WordPress Logo Showcase with Slick Slider plugin vulnerable before 2.0.1. Multiple connected sources confirm a CSRF flaw in the lswss_save_attachment_data AJAX action that allows a logged-in high-privilege user to modify title, description, alt text, and URL ...
CVE-2021-24913 Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media...
CVE-2021-24730 Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...
CVE-2021-24730
CVE-2021-24730 affects the WordPress plugin “Logo Showcase with Slick Slider” prior to version 1.2.5. The issue is an absence of CSRF and authorization checks in the lswss_save_attachment_data AJAX action, allowing any authenticated user (e.g., Subscriber) to modify title, description, alt text, ...
PT-2022-9454 · WordPress · The Logo Showcase With Slick Slider
Name of the Vulnerable Software and Affected Versions: The Logo Showcase with Slick Slider WordPress plugin versions prior to 1.2.5. Description: The issue concerns a lack of CSRF and authorization checks in the lswss_save_attachment_data AJAX action. This allows any authenticated user to modify...
WordPress Logo Showcase with Slick Slider plugin < 2.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Logo Showcase with Slick Slider plugin versions < 2.0.3. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version, at least 2.0.3...
WordPress Logo Showcase with Slick Slider plugin < 2.0.3 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Logo Showcase with Slick Slider plugin versions < 2.0.3. Solution: Update the WordPress Logo Showcase with Slick Slider plugin to the latest available version, at least 2.0.3...
WordPress plugin Logo Showcase with Slick Slider access control error vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an open source application plugin for WordPress. An access control error vulnerability exists in the WordPress...
WordPress cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress Slick Slider plugin prior to 2.0.1, which stems...