CVE-2021-24730
Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
Severity Score
4.3
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media.
El plugin Logo Showcase with Slick Slider de WordPress versiones anteriores a 1.2.5 no dispone de comprobaciones de CSRF y de autorización en la acción AJAX lswss_save_attachment_data, permitiendo a cualquier usuario autenticado, como el suscriptor, cambiar el título, la descripción, el texto alternativo y la URL de medios subidos arbitrariamente.
*Credits:
apple502j
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-01-14 CVE Reserved
- 2021-10-24 CVE Published
- 2023-09-21 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-862: Missing Authorization
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/d5534ff9-c4af-46b7-8852-0f3dfd644855 | 2024-08-03 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Infornweb Search vendor "Infornweb" | Logo Showcase With Slick Slider Search vendor "Infornweb" for product "Logo Showcase With Slick Slider" | < 1.2.5 Search vendor "Infornweb" for product "Logo Showcase With Slick Slider" and version " < 1.2.5" | wordpress |
Affected
| ||||||