Logo Slider and Showcase < 1.3.37 – Editor Plugin's Settings Update | CVE 2021-24742 | Plugin Vulnerabilities

Description

The plugin allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Proof of Concept

- As Editor, go to Logo Showcase -> Shortcode Generator
- Run jQuery.post(ajaxurl,{rt_wls_nonce:wls.nonce,action:"rtWLSSettings",image_resize:1,image_width:200,image_height:130})
- As admin, notice that the plugin’s settings have been updated

Affects Plugins

wp-logo-showcase

Fixed in 1.3.37

References

CVE

Classification

Type

INCORRECT AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

apple502j

Submitter

apple502j

Verified

Yes

WPVDB ID

8dfc86e4-56a0-4e30-9050-cf3f328ff993

Timeline

Publicly Published

2021-10-04 (about 4 years ago)

Added

2021-10-04 (about 4 years ago)

Last Updated

2022-04-15 (about 3 years ago)

Other

Published

Title

Published

2025-08-28

Title

LWSCache < 2.9 - Subscriber+ Limited Plugin Activation

Published

2024-04-05

Title

PostX – Gutenberg Blocks for Post Grid < 3.2.4 - Incorrect Authorization

Published

2024-01-29

Title

Avada < 7.11.2 - Author+ Arbitrary File Upload via Zip Extraction

Published

2021-09-29

Title

Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload

Published

2025-11-07

Title

Download Manager < 3.3.31 - Unauthenticated Cron Trigger due to Hardcoded Cron Key