Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid, CVE-2021-24913

CVE, Research URL: CVE-2021-24913
Home page URL: Security reports for Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid
Application: Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid
Published on: Feb 28, 2022
Research Description: The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
Affected versions: Min -, max 2.0.3.
Status: vulnerable

Logo Showcase with Slick Slider &#8211; Logo Carousel, Logo Slider &amp; Logo Grid, CVE-2021-24913