Logichunt

logichunt

7 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-12308 1Logichunt 1Logo Slider May 7, 2025 Feb 24, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contr...Show more The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.Show less
CVE-2024-10896 1Logichunt 1Logo Slider May 15, 2025 Nov 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
CVE-2024-10473 1Logichunt 1Logo Slider May 15, 2025 Nov 28, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as A...Show more The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.Show less
CVE-2024-5429 1Logichunt 1Logo Slider May 17, 2025 Oct 17, 2024 N/A· v4 7.6 HIGH· v3 N/A· v2 The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform St...Show more The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-3288 1Logichunt 1Logo Slider Nov 21, 2024 Jun 7, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform St...Show more The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less
CVE-2024-24801 1Logichunt 1Owl Carousel Apr 28, 2026 Feb 10, 2024 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress O...Show more Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS.This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.Show less
CVE-2022-4664 1Logichunt 1Logo Slider Mar 25, 2025 Feb 6, 2023 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contri...Show more The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacksShow less