Main Vulnerability Database SB2020012008

SB2020012008 - Improper Privilege Management in Images Slideshow by 2J – Image Slider plugin for WordPress

Published: January 20, 2020

Security Bulletin ID SB2020012008

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Privilege Management (CVE-ID: N/A)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to lack of authorisation checks in the "twoj_slideshow_setup()" function in the "2j-slideshow/inc/addons/setup/setup.class.php" script registered as an AJAX call. A remote user can deactivate any plugins on the blog.

Remediation

Install update from vendor's website.

References

https://wpvulndb.com/vulnerabilities/10034/
https://blog.nintechnet.com/wordpress-2j-slideshow-plugin-fixed-authenticated-arbitrary-plugin-deactivation-vulnerability/