10 matches found

CVE | added 2022/06/08 10:15 a.m. | 61 views

CVE-2022-1687

The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL injection.

4 CVSS | 3.8 AI score | 0.00172 EPSS

CVE | added 2023/02/06 8:15 p.m. | 59 views

CVE-2022-4664

The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4 CVSS | 5.3 AI score | 0.0035 EPSS

CVE | added 2024/06/07 6:15 a.m. | 50 views

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4 CVSS | 5.5 AI score | 0.00573 EPSS

CVE | added 2025/02/24 6:15 a.m. | 48 views

CVE-2024-12308

The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

5.4 CVSS | 5.9 AI score | 0.00026 EPSS

CVE | added 2024/11/28 6:15 a.m. | 44 views

CVE-2024-10473

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

5.4 CVSS | 5.8 AI score | 0.00036 EPSS

CVE | added 2024/11/28 6:15 a.m. | 40 views

CVE-2024-10896

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high-privilege users such as Contributor to perform Stored Cross-Site Scripting.

5.4 CVSS | 5.5 AI score | 0.00036 EPSS

CVE | added 2024/10/17 6:15 a.m. | 40 views

CVE-2024-5429

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

7.6 CVSS | 6.9 AI score | 0.00324 EPSS

CVE | added 2024/09/11 6:15 a.m. | 37 views

CVE-2024-7716

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

4.8 CVSS | 4.9 AI score | 0.0013 EPSS

CVE | added 2023/12/18 8:15 p.m. | 31 views

CVE-2023-6077

The Slider WordPress plugin before 3.5.12 does not ensure that posts to be accessed via an AJAX action are slides and can be viewed by the user making the request, allowing any authenticated user, such as a subscriber, to access the content of arbitrary posts, such as private, draft and password-protected ones.

6.5 CVSS | 6.5 AI score | 0.00316 EPSS

CVE | added 2025/05/15 8:16 p.m. | 22 views

CVE-2024-9233

The Logo Slider WordPress plugin before 3.7.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3 CVSS | 6.8 AI score | 0.00021 EPSS