CVE-2021-24738 – Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24738
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
Reference: https://wpscan.com/vulnerability/2c3d8c21-ecd4-41ba-8183-2ecbd9a3df25
Weakness: CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24739 – Logo Carousel < 3.4.2 - Unauthorised Private Post Access
https://notcve.org/view.php?id=CVE-2021-24739
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature.
Reference: https://wpscan.com/vulnerability/2afadc76-93ad-47e1-a224-e442ac41cbce
Weaknesses: CWE-285: Improper Authorization; CWE-639: Authorization Bypass Through User-Controlled Key