Description
WordPress Plugin Logo Slider and Showcase is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently update plugin's settings. WordPress Plugin Logo Slider and Showcase version 1.3.36 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.3.37 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:8DFC86E4-56A0-4E30-9050-CF3F328FF993
https://plugins.svn.wordpress.org/wp-logo-showcase/trunk/README.txt
Related Vulnerabilities
WordPress Plugin OneLogin SAML SSO Unspecified Vulnerability (2.1.8)
Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-1000398)
WordPress Plugin Be POPIA Compliant Information Disclosure (1.1.5)
MySQL CVE-2021-35644 Vulnerability (CVE-2021-35644)
WordPress Plugin Contact Form With Captcha Cross-Site Request Forgery (1.6.2)