CVE-2021-24742 - Incorrect Authorization vulnerability in Radiustheme Logo Slider and Showcase

CVSS 4.0 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: SINGLE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Tags: network, low complexity, radiustheme, CWE-863

Summary

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.
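
The weakness class described above, shown as an added example that is not the plugin's own code: a WordPress AJAX handler that relies on a nonce alone, beside one that checks a capability first. Only the `rtWLSSettings` action name comes from this entry; the function, nonce, option and field names are hypothetical, and `manage_options` is an assumed choice of capability for a settings change. The fragment runs inside a WordPress plugin.

```php
<?php
// Added illustration. Handler, nonce, option and field names are hypothetical;
// only the rtWLSSettings action name comes from the advisory text.

// wp_ajax_{action} fires for every logged-in user, so the callback itself
// has to decide who may change settings.
add_action( 'wp_ajax_rtWLSSettings', 'example_wls_save_settings' );

// BEFORE (the pattern the summary describes): nonce only. Not registered here.
function example_wls_save_settings_nonce_only() {
    // A nonce ties the request to a session and an action (CSRF protection).
    // It says nothing about the role of the user who sent it.
    check_ajax_referer( 'example_wls_nonce', 'nonce' );
    update_option( 'example_wls_settings', example_wls_clean( $_POST ) );
    wp_send_json_success();
}

// AFTER: capability check for authorisation, nonce kept for CSRF.
function example_wls_save_settings() {
    // Assumed capability: settings changes limited to administrators.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }
    // Third argument false: return the result instead of dying, so the
    // handler can send its own JSON error.
    if ( ! check_ajax_referer( 'example_wls_nonce', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }
    update_option( 'example_wls_settings', example_wls_clean( $_POST ) );
    wp_send_json_success();
}

// Keep only the expected keys and sanitise their values.
function example_wls_clean( $post ) {
    $clean = array();
    foreach ( array( 'example_field_a', 'example_field_b' ) as $key ) {
        if ( isset( $post[ $key ] ) && is_string( $post[ $key ] ) ) {
            $clean[ $key ] = sanitize_text_field( wp_unslash( $post[ $key ] ) );
        }
    }
    return $clean;
}
```

When reviewing other plugins for the same CWE-863 pattern, look for `wp_ajax_` callbacks that call `check_ajax_referer` or `wp_verify_nonce` without a `current_user_can` check before the state change.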

Common Weakness Enumeration (CWE)