cpe:2.3:a:infornweb:logo_showcase_with_slick_slider:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor: Infornweb (102f61ba-d160-5c65-a603-e7ea05c44883)
Product: Logo Showcase With Slick Slider (d547d0cc-1726-5981-8830-60ec6759b421)
Edition: *
Language: *
Software edition: *
Target software: wordpress
Target hardware: *
Other: *
Notes: Imported from gcve-enriched-dumps CVE data

PURL mappings

No PURL mappings for this CPE yet.

Vulnerability references

Identifier: CVE:CVE-2021-24913
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:30:39.613235
db.gcve.eu details: Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF
The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have a CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged-in high-privilege user change the title, description, alt text, and URL of arbitrary uploaded media.
Published: 2022-02-28T09:06:20.000Z
Updated: 2024-08-03T19:49:14.408Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-24730
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:30:39.096173
db.gcve.eu details: Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated user, such as a Subscriber, to change the title, description, alt text, and URL of arbitrary uploaded media.
Published: 2022-02-28T09:06:07.000Z
Updated: 2024-08-03T19:42:16.860Z
Rationale: Imported from gcve-enriched-dumps CVE data

Identifier: CVE:CVE-2021-24729
cpeApplicability: vulnerable
Submitted: 2026-06-08 05:30:39.095580
db.gcve.eu details: Logo Showcase with Slick Slider < 1.2.4 - Author+ Stored Cross Site Scripting
The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via the post metadata of a Grid logo showcase.
Published: 2021-11-23T19:16:10.000Z
Updated: 2024-08-03T19:42:16.637Z
Rationale: Imported from gcve-enriched-dumps CVE data
