CVE-2025-13153: Cross-site Scripting

Severity: 6.1 MEDIUM (NVD)
EPSS: 0.0% (top 98.01%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: No affected products listed
Timeline: Published Jan 2

Description

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

🔴 Vulnerability Details (2)

CVEList: Logo Slider < 4.9.0 - Contributor+ Stored XSS (2026-01-02)
GHSA: GHSA-24cx-vf27-7gv3: The Logo Slider WordPress plugin before 4 (2026-01-02)

🕵️ Threat Intelligence (1)

Wiz: CVE-2025-13153 Impact, Exploitability, and Mitigation Steps | Wiz