Lucene search
K

172 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
EUVD
EUVD
added 5 days ago9 views

EUVD-2026-42863

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
CVE
CVE
added 5 days ago15 views

CVE-2026-13247

CVE-2026-13247 affects the WordPress plugin Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase (versions up to 5.5). The vulnerability is a stored cross-site scripting via the lgx_tooltip_position parameter caused by insufficient input sanitization and output escaping. Exploitation ...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 5 days ago6 views

CVE-2026-13247

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS6.2AI score0.00193EPSS
Exploits0References6
Cvelist
Cvelist
added 5 days ago35 views

CVE-2026-13247 Logo Slider <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'lgx_tooltip_position' Parameter

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgxtooltipposition' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This...

6.4CVSS0.00193EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago5 views

WordPress Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase plugin <= 5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by ? in WordPress Plugin Logo Slider versions = 5.5...

6.4CVSS6.1AI score0.00193EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:40 p.m.11 views

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.4AI score0.00136EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 4:16 p.m.12 views

CVE-2020-37227

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS0.00541EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/16 3:25 p.m.40 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS0.00541EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.7 views

CVE-2020-37227

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/05/16 3:25 p.m.20 views

CVE-2020-37227

HS Brand Logo Slider 2.1 (a WordPress plugin) has an unrestricted file upload vulnerability. Authenticated users can bypass client-side extension checks by targeting the logoupload parameter in the admin interface and rename uploaded files to executable extensions such as .php, enabling remote co...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.10 views

CVE-2020-37227 WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to...

8.8CVSS6.3AI score0.00541EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/16 12:0 a.m.13 views

WordPress plugin HS Brand Logo Slider 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

8.8CVSS6.4AI score0.00541EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/07 9:31 a.m.8 views

EUVD-2025-209712

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References2
NVD
NVD
added 2026/05/07 9:16 a.m.12 views

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS0.00136EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/07 7:54 a.m.8 views

CVE-2025-62127 WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/07 7:54 a.m.8 views

CVE-2025-62127

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References2
CVE
CVE
added 2026/05/07 7:54 a.m.23 views

CVE-2025-62127

The CVE-2025-62127 entry describes a DOM-based Cross-Site Scripting (XSS) vulnerability in WordPress plugin WEN Logo Slider (WEN Themes) affecting versions up to 3.4.0. The underlying issue is improper input neutralization during web page generation, enabling XSS within the plugin’s rendering pip...

5.9CVSS5.8AI score0.00136EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/07 7:54 a.m.51 views

CVE-2025-62127 WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in WEN Themes WEN Logo Slider allows DOM-Based XSS. This issue affects WEN Logo Slider: from n/a through 3.4.0...

5.9CVSS0.00136EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/07 7:53 a.m.15 views

WordPress WEN Logo Slider plugin <= 3.4.0 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin WEN Logo Slider versions = 3.4.0...

5.9CVSS5.8AI score0.00136EPSS
Exploits0Affected Software1
Rows per page
Query Builder