Logo Slider Security Vulnerabilities and Issues — Logo Slider CVE List

Lucene search

Logo Slider ProjectLogo Slider

5 matches found

CVE•added 2024/06/07 6:15 a.m.•50 views

CVE-2024-3288

The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

5.4CVSS5.5AI score0.00573EPSS

CVE•added 2024/11/28 6:15 a.m.•44 views

CVE-2024-10473

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.

5.4CVSS5.8AI score0.0004EPSS

CVE•added 2024/11/28 6:15 a.m.•40 views

CVE-2024-10896

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

5.4CVSS5.5AI score0.0004EPSS

CVE•added 2024/10/17 6:15 a.m.•40 views

CVE-2024-5429

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

7.6CVSS6.9AI score0.00352EPSS

CVE•added 2024/09/11 6:15 a.m.•37 views

CVE-2024-7716

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

4.8CVSS4.9AI score0.0013EPSS