Logo Carousel

logo_carousel

Vendor: Shapedplugin • 2 CVEs

CVEs (2)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-24739 1Shapedplugin 1Logo Carousel Nov 21, 2024 Dec 21, 2021 N/A· v4 8.1 HIGH· v3 5.5 MEDIUM· v2 The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
CVE-2021-24738 1Shapedplugin 1Logo Carousel Nov 21, 2024 Dec 21, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks