Logo Slider

logo_slider

Vendor: Logichunt • 6 CVEs

CVEs (6)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12308 1Logichunt 1Logo Slider May 7, 2025 Feb 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contr...Show more The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2024-10896 1Logichunt 1Logo Slider May 15, 2025 Nov 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
CVE-2024-10473 1Logichunt 1Logo Slider May 15, 2025 Nov 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as A...Show more The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.Show less
CVE-2024-5429 1Logichunt 1Logo Slider May 17, 2025 Oct 17, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform St...Show more The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-3288 1Logichunt 1Logo Slider Nov 21, 2024 Jun 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform St...Show more The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2022-4664 1Logichunt 1Logo Slider Mar 25, 2025 Feb 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contri...Show more The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less