CVE-2021-24913

Name of the Vulnerable Software and Affected Versions The Logo Showcase with Slick Slider WordPress plugin versions prior to 2.0.1

Description The issue concerns a lack of CSRF check in the "lswss save attachment data" AJAX action. This allows attackers to manipulate a logged-in high privilege user into changing the title, description, alt text, and URL of arbitrary uploaded media.

Recommendations For versions prior to 2.0.1, update to version 2.0.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the "lswss save attachment data" AJAX action to minimize the risk of exploitation.