CVE-2026-6549

Technical details about CVE-2026-6549 are not publicly available in the provided documents; monitor for updates.

CVE-2026-2499 Custom Logo <= 2.2 - Authenticated (Administrator+) Stored Cross-Site Scripting via Logo Path Setting

The Custom Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

WordPress Logo Slider , Logo Carousel , Logo showcase , Client Logo plugin <= 1.8.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Nabil Irawan in WordPress Plugin Logo Slider , Logo Carousel , Logo showcase , Client Logo versions = 1.8.1...

PT-2025-46274

Name of the Vulnerable Software and Affected Versions WP Custom Admin Login Page Logo plugin for WordPress versions prior to 1.4.8.5 Description The plugin is susceptible to Cross-Site Request Forgery CSRF due to missing or incorrect nonce validation on the wpclpl save functionality. This allows...

CVE-2023-0603

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2019-10429

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

WordPress Easy Logo plugin <= 1.9.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Cronus Patchstack Alliance in WordPress Plugin Easy Logo versions = 1.9.3...

WordPress Plugin Easy Logo 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

WordPress Change default login logo,url and title plugin <= 2.0 - CSRF to XSS vulnerability

CSRF to XSS vulnerability discovered by Dimas Maulana Patchstack Alliance in WordPress Plugin Change default login logo,url and title versions = 2.0...

CVE-2024-1951 Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid <= 1.3.8 - Authenticated(Contributor+) PHP Object Injection

The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor...

Unspecified Vulnerability in CloudBees Jenkins GitLab Logo Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . GitLab Logo Plugin is used in one of the...

CVE-2019-10429

Jenkins GitLab Logo Plugin stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system...

CVE-2019-10429

The CVE refers to the Jenkins GitLab Logo Plugin, where credentials are stored unencrypted in the plugin’s or Jenkins master’s global configuration file. The underlying issue is that sensitive data is kept in plaintext on the Jenkins master filesystem and could be viewed by users with access to t...

PT-2019-11823 · Jenkins · Jenkins Gitlab Logo Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitLab Logo Plugin affected versions not specified Description: The issue concerns the storage of credentials in an unencrypted manner within the global configuration file of the Jenkins master. This allows users with access to the...

Cross-site scripting vulnerability in wordpress plugin post-logo

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the wordpress plugin post-logo due to improper filtering of user input, which...