Logo Showcase With Slick Slider
Approved changes feed: RSS · Atom
cpe:2.3:a:infornweb:logo_showcase_with_slick_slider:*:*:*:*:*:wordpress:*:*
part: a version: * update: *
| Vendor | Infornweb (102f61ba-d160-5c65-a603-e7ea05c44883) |
|---|---|
| Product | Logo Showcase With Slick Slider (d547d0cc-1726-5981-8830-60ec6759b421) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | wordpress |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-24913 |
vulnerable | 2026-06-08 05:30:39.613235 |
Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.
Published: 2022-02-28T09:06:20.000Z
Updated: 2024-08-03T19:49:14.408Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24730 |
vulnerable | 2026-06-08 05:30:39.096173 |
Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media.
Published: 2022-02-28T09:06:07.000Z
Updated: 2024-08-03T19:42:16.860Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-24729 |
vulnerable | 2026-06-08 05:30:39.095580 |
Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.
Published: 2021-11-23T19:16:10.000Z
Updated: 2024-08-03T19:42:16.637Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.