3 matches found
CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24738
creationtimestamp| type| source ---|---|--- 2021-12-21 12:23:37+00:00| seen| https://t.me/cibsecurity/34414...
CVE-2021-24738
The CVE-2021-24738 entry concerns the WordPress Logo Carousel plugin prior to version 3.4.2. The vulnerability arises from a failure to validate and escape the “Logo Margin” option, enabling Stored Cross-Site Scripting (XSS) by users with as little as Contributor privileges. The issue is confirme...