CVE-2021-24913

CVE-2021-24913: Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

Vendor: Unknown
Product: Logo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid
Weakness: CWE-352 · CSRF
Published: February 28, 2022
Last update: August 3, 2024

What the vulnerability does

01 Description

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not perform a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in, high-privilege user change the title, description, alt text, and URL of arbitrary uploaded media.
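
For comparison, a handler for this AJAX action that verifies a nonce and the caller's capability before writing anything. This is an added example, not the plugin's code or the 2.0.1 fix; the function name, the nonce action string, the request field names and the `_example_logo_url` meta key are assumptions made for illustration.

```php
<?php
// Added illustration only. Hypothetical names: example_lswss_save_attachment_data,
// 'example-lswss-save-attachment', the $_POST field names, '_example_logo_url'.
add_action( 'wp_ajax_lswss_save_attachment_data', 'example_lswss_save_attachment_data' );

/** Read one POST field as an unslashed string, or '' when absent. */
function example_lswss_field( $key ) {
    return isset( $_POST[ $key ] ) ? wp_unslash( (string) $_POST[ $key ] ) : '';
}

function example_lswss_save_attachment_data() {
    // 1. CSRF check. The admin page must have issued the token with
    //    wp_create_nonce( 'example-lswss-save-attachment' ). A request forged from
    //    another origin cannot know it, so check_ajax_referer() ends the request here.
    check_ajax_referer( 'example-lswss-save-attachment', 'nonce' );

    // 2. The target must be an existing media item, not an arbitrary post ID.
    $attachment_id = absint( example_lswss_field( 'attachment_id' ) );
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Invalid attachment.' ), 400 );
    }

    // 3. Authorization is separate from the nonce: the logged-in user must be
    //    allowed to edit this specific attachment.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 4. Sanitize each field for the place it is stored.
    $title       = sanitize_text_field( example_lswss_field( 'title' ) );
    $description = wp_kses_post( example_lswss_field( 'description' ) );
    $alt         = sanitize_text_field( example_lswss_field( 'alt' ) );
    $url         = esc_url_raw( example_lswss_field( 'url' ) );

    // 5. Only now update the media item.
    wp_update_post( array(
        'ID'           => $attachment_id,
        'post_title'   => $title,
        'post_content' => $description, // attachment description
    ) );
    update_post_meta( $attachment_id, '_wp_attachment_image_alt', $alt );
    update_post_meta( $attachment_id, '_example_logo_url', $url );

    wp_send_json_success();
}
```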

Key dates

02 Disclosure timeline

February 28, 2022: CVE published
August 3, 2024: Record updated