32 matches found
CVE-2023-51530 WordPress GS Logo Slider Plugin <= 3.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1...
CVE-2023-51530
CVE-2023-51530 describes a Cross-Site Request Forgery (CSRF) vulnerability in the GS Logo Slider plugins (Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation) affecting versions up to 3.5.1. The CVE entry and related sources confirm CSRF as the underlying issue, ...
WordPress Plugin Logo Slider - Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin Logo Slider - Logo Showcas...
PT-2024-14183 · Unknown · Gs Plugins Logo Slider
Name of the Vulnerable Software and Affected Versions: GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation versions n/a through 3.5.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attack...
CVE-2023-0073
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2023-0073
The CVE-2023-0073 entry concerns the WordPress plugin Client Logo Carousel (≤ 3.0.0). The connected documents confirm that the vulnerability arises because certain shortcode attributes are not validated or escaped before being echoed on a page, enabling Stored XSS via a contributor+ user. The PoC...
CVE-2023-0073 Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The Client Logo Carousel WordPress plugin through 3.0.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
WordPress plugin Client Logo Carousel 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2023-15990 · WordPress · Client Logo Carousel
Name of the Vulnerable Software and Affected Versions: The Client Logo Carousel WordPress plugin versions 3.0.0 and earlier Description: The issue is related to the plugin not validating and escaping some of its shortcode attributes before outputting them back in a page or post where the shortcod...
Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC Note: 1. First, you need to add a...
Client Logo Carousel <= 3.0.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Note: 1. First, you need to add a Carousel...
WordPress Client Logo Carousel Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software Client Logo Carousel Type Plugin Vulnerable versions = 3.0.0 Fixed in 3.0.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7a95db4d0d5d Credits Unknown Required...