Show filters
1 Total Results
Displaying 1-1 of 1
Sort by:
Attacker Value
Unknown

CVE-2021-24742

Disclosure Date: November 01, 2021 (last updated February 23, 2025)
The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0