Vulnerability Information
Vulnerability Title
Logo Showcase with Slick Slider < 1.2.5 - Subscriber+ Arbitrary Media Title/Description/Alt Text/URL Update
Vulnerability Description
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswss_save_attachment_data AJAX action, allowing any authenticated user, such as a Subscriber, to change the title, description, alt text, and URL of arbitrary uploaded media.
CVSS Information
N/A
Vulnerability Type
Missing Authorization
Vulnerability Title
WordPress plugin Logo Showcase with Slick Slider access control error vulnerability
Vulnerability Description
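WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an open-source application plugin for WordPress. The WordPress plugin Slick Slider has an access control error vulnerability, which stems from the Logo Showcase with Slick Slider WordPress plugin before 1.2.5 having no CSRF and authorisation checks in the lswss save attachment data AJAX action, allowing any authenticated user, such as a Subscriber, to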
CVSS Information
N/A
Vulnerability Type
N/A
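The description above names two missing controls in the `lswss_save_attachment_data` AJAX action: a CSRF check and an authorisation check. The following is an added example of a handler carrying both; it is not the plugin's code or its 1.2.5 patch. Only the action name comes from this entry. The function name, nonce action, request field names and the URL meta key are hypothetical.

```php
<?php
// Added illustration of a hardened wp_ajax_ handler for attachment edits.
// Hypothetical names: example_save_attachment_data, 'example-save-attachment',
// the $_POST field names, and the '_example_logo_url' meta key.

add_action( 'wp_ajax_lswss_save_attachment_data', 'example_save_attachment_data' );

function example_save_attachment_data() {
    // CSRF check: require a valid nonce tied to this action.
    // With the third argument false, the function returns false instead of dying.
    if ( ! check_ajax_referer( 'example-save-attachment', 'nonce', false ) ) {
        wp_send_json_error( array( 'msg' => 'Invalid or missing nonce.' ), 403 );
    }

    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;

    // Object check: the target must exist and must be a media attachment.
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( array( 'msg' => 'Unknown attachment.' ), 400 );
    }

    // Authorisation check: per-object capability, not just "is logged in".
    // A Subscriber has no edit rights on media uploaded by other users.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( array( 'msg' => 'Not allowed.' ), 403 );
    }

    // Sanitise each field according to where it is stored.
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $desc  = isset( $_POST['description'] ) ? wp_kses_post( wp_unslash( $_POST['description'] ) ) : '';
    $alt   = isset( $_POST['alt'] ) ? sanitize_text_field( wp_unslash( $_POST['alt'] ) ) : '';
    $url   = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';

    // wp_update_post() and update_post_meta() expect slashed input.
    wp_update_post( wp_slash( array(
        'ID'           => $attachment_id,
        'post_title'   => $title,
        'post_content' => $desc, // attachment description
    ) ) );
    update_post_meta( $attachment_id, '_wp_attachment_image_alt', wp_slash( $alt ) );
    update_post_meta( $attachment_id, '_example_logo_url', wp_slash( $url ) );

    wp_send_json_success();
}
```

The nonce would be issued to the editing page with `wp_create_nonce( 'example-save-attachment' )`. The capability check is what blocks a low-privileged account even when it holds a valid nonce.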