Vulnerabilities > Infornweb > Logo Showcase With Slick Slider > 1.2

DATE	CVE	VULNERABILITY TITLE	RISK
2022-02-28	CVE-2021-24730	Missing Authorization vulnerability in Infornweb Logo Showcase With Slick Slider The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media. network low complexity infornweb CWE-862	4.3
2022-02-28	CVE-2021-24913	Cross-Site Request Forgery (CSRF) vulnerability in Infornweb Logo Showcase With Slick Slider The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media. network infornweb CWE-352	4.3
2021-11-23	CVE-2021-24729	Cross-site Scripting vulnerability in Infornweb Logo Showcase With Slick Slider The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase. network infornweb CWE-79	3.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.