CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12308 – Logo Slider < 4.6.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-12308
03 Feb 2025 — The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it poss... • https://wpscan.com/vulnerability/fa82ada7-357b-4f01-a0d6-ff633b188a80 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10473 – Logo Slider < 4.5.0 - Author+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10473
07 Nov 2024 — The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This... • https://wpscan.com/vulnerability/7512cbdf-cf27-4a1f-bac8-9fcb14bf463e • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10896 – Logo Slider < 4.5.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-10896
07 Nov 2024 — The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Brand Name" field in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and ab... • https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 1CVE-2024-5429 – Logo Slider < 4.1.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-5429
26 Sep 2024 — The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Logo Slider de WordPress anterior a la versión 4.1.0 no valida ni escapa algunas de las configuraciones de su control deslizante antes de mostrarlas nuevamente en atributos, lo que podría permitir que los usuarios con el rol de colaborador y su... • https://wpscan.com/vulnerability/ddb76c88-aeca-42df-830e-abffd29f1141 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-7716 – GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-7716
20 Aug 2024 — The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.8 due to ... • https://wpscan.com/vulnerability/cfa67c43-6f09-43f5-9fbe-32a98a82f548 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2024-3288 – Logo Slider < 4.0.0 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-3288
17 May 2024 — The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks El complemento Logo Slider de WordPress anterior a 4.0.0 no valida ni escapa algunas de sus configuraciones del control deslizante antes de devolverlas en atributos, lo que podría permitir a los usuarios con el rol de colaborador y superiores realizar ataques... • https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4664 – Logo Slider < 3.6.0 - Contributor+ Stored XSS in Shortcode
https://notcve.org/view.php?id=CVE-2022-4664
16 Dec 2022 — The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcodes in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping in the 'lgx_output_... • https://wpscan.com/vulnerability/d6a9cfaa-d3fa-442e-a9a1-b06588723e39 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 2CVE-2022-1687 – Logo Slider <= 1.4.8 - Admin+ SQLi
https://notcve.org/view.php?id=CVE-2022-1687
09 May 2022 — The Logo Slider WordPress plugin through 1.4.8 does not sanitise and escape the lsp_slider_id parameter before using it in a SQL statement via the Manage Slider Images admin page, leading to an SQL Injection El plugin Logo Slider de WordPress versiones hasta 1.4.8, no sanea y escapa del parámetro lsp_slider_id antes de usarlo en una sentencia SQL por medio de la página de administración Manage Slider Images, conllevando a una inyección SQL • https://bulletin.iese.de/post/logo-slider_1-4-8 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •