Logo Slider and Showcase < 1.3.37 – Editor Plugin's Settings Update | CVE 2021-24742 | Plugin Vulnerabilities

Description

The plugin allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Proof of Concept

- As Editor, go to Logo Showcase -> Shortcode Generator
- Run jQuery.post(ajaxurl,{rt_wls_nonce:wls.nonce,action:"rtWLSSettings",image_resize:1,image_width:200,image_height:130})
- As admin, notice that the plugin’s settings have been updated

Affects Plugins

wp-logo-showcase

Fixed in 1.3.37

References

CVE

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

8dfc86e4-56a0-4e30-9050-cf3f328ff993

Timeline

Publicly Published

2021-10-04 (about 2 years ago)

Added

2021-10-04 (about 2 years ago)

Last Updated

2022-04-15 (about 2 years ago)

Other

Published

Title

Published

2024-04-05

Title

PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization

Published

2024-01-29

Title

Avada < 7.11.2 - Author+ Arbitrary File Upload via Zip Extraction

Published

2022-03-16

Title

Responsive Menu < 4.1.8 - Subscriber+ Arbitrary File Upload / Theme Deletion / Plugin Settings Update

Published

2022-07-25

Title

Flipbox < 2.6.1 - Authenticated Arbitrary Options Update

Published

2023-05-23

Title

Go Pricing - WordPress Responsive Pricing Tables < 3.4 - Incorrect Authorization leading to Arbitrary File Upload