Logo Showcase with Slick Slider WordPress Plugin Cross-Site Request Forgery Vulnerability in AJAX Action

Vulnerability

A vulnerability exists in the Logo Showcase with Slick Slider WordPress plugin in versions prior to 1.2.5. The issue arises because the plugin's lswss_save_attachment_data AJAX action lacks Cross-Site Request Forgery (CSRF) protection and proper authorization checks. This flaw enables any authenticated user, including Subscribers, to modify the title, description, alt text, and URL of any uploaded media.

Impact

Exploitation of this vulnerability allows for unauthorized modification of media metadata, including titles, descriptions, alt text, and URLs.

Reproduction

To reproduce this vulnerability, an authenticated user can send a POST request to the WordPress admin-ajax.php file. The request must include the action 'lswss_save_attachment_data', the ID of the attachment to be modified, and the new metadata values for the title, description, alt text, and URL. This can be done using JavaScript, such as with jQuery's AJAX post method.

Remediation

Users are advised to update the Logo Showcase with Slick Slider WordPress plugin to version 1.2.5 or later.
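The class of fix the advisory implies is a nonce check plus a per-attachment capability check on the AJAX handler. The following is an added illustrative handler written for this page, not the plugin's own code; the nonce action name, POST field names, script handle and the logo URL meta key are assumptions.

```php
<?php
// Illustrative hardened handler for the lswss_save_attachment_data action.
// Not the plugin's code; field names, nonce action and meta key are assumed.

// Hand the nonce to the admin-side script so legitimate requests can carry it.
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'lswss-admin', 'lswssData', array(  // handle assumed
        'nonce' => wp_create_nonce( 'lswss_save_attachment_data' ),
    ) );
} );

// Only the authenticated hook is registered; there is no wp_ajax_nopriv_ variant.
add_action( 'wp_ajax_lswss_save_attachment_data', 'lswss_save_attachment_data_hardened' );

function lswss_save_attachment_data_hardened() {
    // 1. CSRF protection: a missing or invalid nonce terminates the request.
    check_ajax_referer( 'lswss_save_attachment_data', 'nonce' );

    $attachment_id = isset( $_POST['attachment_id'] ) ? absint( $_POST['attachment_id'] ) : 0;
    if ( ! $attachment_id || 'attachment' !== get_post_type( $attachment_id ) ) {
        wp_send_json_error( 'Invalid attachment', 400 );
    }

    // 2. Authorization: the caller must be allowed to edit this specific
    //    attachment. A Subscriber fails this check, which is what the
    //    unpatched action lacked.
    if ( ! current_user_can( 'edit_post', $attachment_id ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    // 3. Sanitize each field before it is written.
    $title       = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $description = isset( $_POST['description'] ) ? sanitize_textarea_field( wp_unslash( $_POST['description'] ) ) : '';
    $alt         = isset( $_POST['alt'] ) ? sanitize_text_field( wp_unslash( $_POST['alt'] ) ) : '';
    $url         = isset( $_POST['url'] ) ? esc_url_raw( wp_unslash( $_POST['url'] ) ) : '';

    wp_update_post( array(
        'ID'           => $attachment_id,
        'post_title'   => $title,
        'post_content' => $description,
    ) );
    update_post_meta( $attachment_id, '_wp_attachment_image_alt', $alt );
    update_post_meta( $attachment_id, 'lswss_logo_url', $url ); // meta key assumed

    wp_send_json_success( array( 'id' => $attachment_id ) );
}
```

Steps 1 and 2 are independent: the nonce blocks cross-site forgery from a logged-in victim's browser, while the capability check blocks a low-privilege user acting on their own behalf; either one alone leaves one of the two issues in the advisory open.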

Added: May 15, 2026, 11:42 AM
Updated: May 15, 2026, 11:42 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.