Gsplugins

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-9233 1Gsplugins 1Logo Slider Jun 4, 2025 May 15, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-11746 1Gsplugins 1Woocommerce Brands Feb 25, 2025 Feb 12, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versio...Show more The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-11453 1Gsplugins 1Gs Pinterest Portfolio Jul 9, 2025 Dec 3, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to,...Show more The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.Show less
CVE-2024-7716 1Gsplugins 1Gs Logo Slider Sep 25, 2024 Sep 11, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilter...Show more The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).Show less
CVE-2024-30192 1Gsplugins 1Gs Pinterest Portfolio Apr 28, 2026 Mar 27, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2.
CVE-2023-51530 1Gsplugins 1Logo Slider Apr 28, 2026 Feb 29, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gall...Show more Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.Show less
CVE-2023-0539 1Gsplugins 1Gs Insever Portfolio Nov 21, 2024 Feb 27, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with t...Show more The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-0559 1Gsplugins 1Gs Portfolio For Envato Mar 14, 2025 Feb 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users...Show more The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2023-0541 1Gsplugins 1Gs Books Showcase Mar 12, 2025 Feb 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the...Show more The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-0540 1Gsplugins 1Gs Filterable Portfolio Mar 13, 2025 Feb 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users wit...Show more The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2023-0492 1Gsplugins 1Gs Products Slider Mar 14, 2025 Feb 21, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allo...Show more The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2022-4624 1Gsplugins 1Gs Logo Slider Apr 2, 2025 Jan 23, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform...Show more The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.Show less
CVE-2022-40213 1Gsplugins 1Gs Testimonial Slider Nov 21, 2024 Sep 23, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress.
CVE-2022-35882 1Gsplugins 1Gs Testimonial Slider Nov 21, 2024 Jul 28, 2022 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress.