CVE-2021-24913 Information
Jun 07, 2022
cve
Description
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in, high-privilege user change the title, description, alt text and URL of arbitrary uploaded media.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Reference
https://wpscan.com/vulnerability/2f499945-1924-49f0-ad6e-9192273a5c05
https://plugins.trac.wordpress.org/changeset/2669404
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
Base Score
4.3
Base Severity
MEDIUM