CVE-2021-24742

CVE-2021-24742: Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update

Vendor Unknown

Product Logo Slider and Showcase

Weakness CWE-863 · Incorrect authorization

Published November 1, 2021

Last update August 3, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Key dates

02Disclosure timeline

November 1, 2021 CVE published

August 3, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2021-24742 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/863.html

Related vulnerabilities

04Related CVE

CVE-2024-5705 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization CVE-2025-41436 Unauthorized access to archived channel content via threads interface CVE-2022-35692 Adobe Commerce Improper Access Control Security feature bypass CVE-2026-25875 PlaciPy Admin Privilege Escalation via Trusted JWT Claims CVE-2026-26205 opa-envoy-plugin has an Authorization Bypass via Double-Slash Path Misinterpretation in `input.parsed_path`