3 matches found
CVE-2021-24730
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...
CVE-2021-24730
CVE-2021-24730 affects the WordPress plugin “Logo Showcase with Slick Slider” prior to version 1.2.5. The issue is an absence of CSRF and authorization checks in the lswss_save_attachment_data AJAX action, allowing any authenticated user (e.g., Subscriber) to modify title, description, alt text, ...
CVE-2021-24730 Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...