CVE-2021-24742 - Incorrect Authorization vulnerability in Radiustheme Logo Slider and Showcase

CVSS 6.5 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: LOW
Confidentiality impact: NONE
Integrity impact: HIGH
Availability impact: NONE
CWE-863

Summary

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.

Common Weakness Enumeration (CWE)