4 matches found
CVE-2025-13153
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-13153
CVE-2025-13153 — The Logo Slider WordPress plugin prior to 4.9.0 does not validate or escape certain slider options before echoing them in the dashboard, enabling Stored XSS for users with contributor+ privileges. Root cause: insufficient input validation/escaping in the plugin’s dashboard output...
CVE-2025-13153 Logo Slider < 4.9.0 - Contributor+ Stored XSS
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...
CVE-2025-4133
The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks...