Logichunt Logo Slider vulnerabilities
7 known vulnerabilities affecting logichunt/logo_slider.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 6
Vulnerabilities
CVE-2026-24626 | MEDIUM | CVSS 5.9 | CWE-79 | ≤ 4.9.0 | 2026-01-23
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt Logo Slider logo-slider-wp allows Stored XSS. This issue affects Logo Slider: from n/a through <= 4.9.0.
cvelistv5, nvd
CVE-2024-12308 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.6.0 | 2025-02-24
The Logo Slider WordPress plugin before 4.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
CVE-2024-10473 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.5.0 | 2024-11-28
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputting them in pages where the Logo Slider shortcode is embedded, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
nvd
CVE-2024-10896 | MEDIUM | CVSS 5.4 | CWE-78 | fixed in 4.5.0 | 2024-11-28
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting.
nvd
CVE-2024-5429 | HIGH | CVSS 7.6 | CWE-79 | fixed in 4.1.0 | 2024-10-17
The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
CVE-2024-3288 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 4.0.0 | 2024-06-07
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd
CVE-2022-4664 | MEDIUM | CVSS 5.4 | CWE-79 | fixed in 3.6.0 | 2023-02-06
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
nvd