1694 matches found

Patchstack
added 2026/01/02 7:25 a.m., 8 views

WordPress Logo Slider plugin < 4.9.0 - Contributor+ Stored XSS vulnerability

Contributor+ Stored XSS vulnerability discovered by Alex Tselevich nos3curity in WordPress Plugin Logo Slider versions < 4.9.0...

CVSS 6.1, AI score 5.9, EPSS 0.00192
Exploits 0, References 1, Affected Software 1
NVD
added 2026/01/02 6:15 a.m., 4 views

CVE-2025-13153

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.1, EPSS 0.00192
Exploits 0, References 1
Vulnrichment
added 2026/01/02 6:0 a.m., 4 views

CVE-2025-13153 Logo Slider < 4.9.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

AI score 5.1, EPSS 0.00192
Exploits 0, References 1
Cvelist
added 2026/01/02 6:0 a.m., 23 views

CVE-2025-13153 Logo Slider < 4.9.0 - Contributor+ Stored XSS

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

EPSS 0.00192
Exploits 0, References 1
CVE
added 2026/01/02 6:0 a.m., 18 views

CVE-2025-13153

CVE-2025-13153 — The Logo Slider WordPress plugin prior to 4.9.0 does not validate or escape certain slider options before echoing them in the dashboard, enabling Stored XSS for users with contributor+ privileges. Root cause: insufficient input validation/escaping in the plugin’s dashboard output...

CVSS 6.1, AI score 5.1, EPSS 0.00192
Exploits 0, References 1
EUVD
added 2026/01/02 6:0 a.m., 4 views

EUVD-2026-0714

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

CVSS 6.1, AI score 5, EPSS 0.00192
Exploits 0, References 3
Positive Technologies
added 2026/01/02 12:0 a.m., 5 views

PT-2026-1051

Name of the Vulnerable Software and Affected Versions: Logo Slider WordPress plugin versions prior to 4.9.0. Description: The software does not properly validate and escape slider options before displaying them in the dashboard. This could allow users with contributor access or higher to perform...

CVSS 6.1, AI score 5.3, EPSS 0.00192
Exploits 0, References 6
CNNVD
added 2026/01/02 12:0 a.m., 3 views

WordPress plugin Logo Slider security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 6.1, AI score 5.7, EPSS 0.00192
Exploits 0, References 2
RedhatCVE
added 2026/01/01 2:18 p.m., 5 views

CVE-2025-62121

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo tc-logo-slider allows Stored XSS. This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through =...

CVSS 5.9, AI score 5.9, EPSS 0.00182
Exploits 0, References 1
RedhatCVE
added 2025/12/31 6:2 p.m., 3 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 7.2, AI score 4.8, EPSS 0.00292
Exploits 1, References 1
NVD
added 2025/12/31 2:15 p.m., 5 views

CVE-2025-62121

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo tc-logo-slider allows Stored XSS. This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through =...

CVSS 5.9, EPSS 0.00182
Exploits 0, References 1
Cvelist
added 2025/12/31 1:39 p.m., 24 views

CVE-2025-62121 WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo tc-logo-slider allows Stored XSS. This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through =...

CVSS 5.9, EPSS 0.00182
Exploits 0, References 1
CVE
added 2025/12/31 1:39 p.m., 12 views

CVE-2025-62121

CVE-2025-62121 is described as a Stored XSS in the WordPress plugins under the Logo Slider/Carousel/Showcase family (Logo Slider, Logo Carousel, Logo showcase, Client Logo: tc-logo-slider). The vulnerability is due to improper neutralization of input during web page generation, allowing stored cr...

CVSS 5.9, AI score 5.9, EPSS 0.00182
Exploits 0, References 1
Vulnrichment
added 2025/12/31 1:39 p.m., 4 views

CVE-2025-62121 WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo allows Stored XSS. This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through 1.8.1...

CVSS 5.9, AI score 5.6, EPSS 0.00182
Exploits 0, References 1
EUVD
added 2025/12/31 1:39 p.m., 4 views

EUVD-2025-205963

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Imran Emu Logo Slider , Logo Carousel , Logo showcase , Client Logo allows Stored XSS. This issue affects Logo Slider , Logo Carousel , Logo showcase , Client Logo: from n/a through 1.8.1...

CVSS 5.9, AI score 5.5, EPSS 0.00182
Exploits 0, References 2
Patchstack
added 2025/12/31 1:38 p.m., 5 views

WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting (XSS) vulnerability discovered by Nabil Irawan in WordPress Plugin Logo Slider , Logo Carousel , Logo showcase , Client Logo versions <= 1.8.1...

CVSS 5.9, AI score 5.9, EPSS 0.00182
Exploits 0, Affected Software 1
Positive Technologies
added 2025/12/31 12:0 a.m., 5 views

PT-2025-54330

Name of the Vulnerable Software and Affected Versions: Imran Emu Logo Slider, Logo Carousel, Logo showcase, Client Logo versions through 1.8.1. Description: The software contains a flaw due to improper input handling during web page generation, leading to a Cross-site Scripting (XSS) issue. This...

CVSS 5.9, AI score 5.7, EPSS 0.00182
Exploits 0, References 3
CNNVD
added 2025/12/31 12:0 a.m., 3 views

WordPress plugin Logo Slider , Logo Carousel , Logo showcase , Client Logo cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. WordPress plugin Logo...

CVSS 5.9, AI score 5.9, EPSS 0.00182
Exploits 0, References 1
NVD
added 2025/12/30 6:15 p.m., 7 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 7.2, EPSS 0.00292
Exploits 1, References 4
OSV
added 2025/12/30 6:15 p.m., 5 views

CVE-2025-15262

A security flaw has been discovered in BiggiDroid Simple PHP CMS 1.0. This impacts an unknown function of the file /admin/edit.php of the component Site Logo Handler. Performing a manipulation of the argument image results in unrestricted upload. Remote exploitation of the attack is possible. The...

CVSS 7.2, AI score 5.5, EPSS 0.00292
Exploits 1, References 4