Security Advisory

CVE-2021-24913

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-02-28 09:06:20

Last updated 2024-08-03 19:49:14

Assigner WPScan

State PUBLISHED

Description

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.

← Browse all CVEs View on cve.org ↗