3 matches found
CVE-2024-3288
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2024-3288
CVE-2024-3288 affects the Logo Slider WordPress plugin (pre-4.0.0). The issue is that certain Slider Settings are not properly validated or escaped before being output in attributes, enabling Stored XSS for users with Contributor+ roles. Red Hat confirms the same description. Remediation per sour...
CVE-2024-3288 Logo Slider < 4.0.0 - Contributor+ Stored XSS
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...