WordPress Logo Carousel plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation’s set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress Logo Carousel plugin has a cross-site scripting vulnerability in versions prior to 3.4.2, which stems from a lack of data validation filtering of user-supplied data and output. An attacker could exploit this vulnerability to perform cross-site scripting attacks.