Vulnerabilities related to logichunt - logo_slider
cve-2024-3288
Vulnerability from cvelistv5
Published: 2024-06-07 06:00
Modified: 2024-11-06 23:14
Summary
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
URL | Tags |
---|---|---|
https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/ | exploit, vdb-entry, technical-description |
Impacted products
Vendor | Product | Version |
---|---|---|
Unknown | Logo Slider | Version: 0 ≤ |
cve-2022-4664
Vulnerability from cvelistv5
Published: 2023-02-06 19:59
Modified: 2025-03-25 20:45
Summary
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
URL | Tags |
---|---|---|
https://wpscan.com/vulnerability/d6a9cfaa-d3fa-442e-a9a1-b06588723e39 | exploit, vdb-entry, technical-description |
Impacted products
Vendor | Product | Version |
---|---|---|
Unknown | Logo Slider | Version: 0 < 3.6.0 |
Vulnerability from fkie_nvd
Published: 2023-02-06 20:15
Modified: 2025-03-25 21:15
Severity: 5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Logo Slider WordPress plugin before 3.6.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
Source | URL | Tags |
---|---|---|
contact@wpscan.com | https://wpscan.com/vulnerability/d6a9cfaa-d3fa-442e-a9a1-b06588723e39 | Exploit, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/d6a9cfaa-d3fa-442e-a9a1-b06588723e39 | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
logichunt | logo_slider | * |
Vulnerability from fkie_nvd
Published: 2024-06-07 06:15
Modified: 2024-11-21 09:29
Severity: 5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
References
Source | URL | Tags |
---|---|---|
contact@wpscan.com | https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/ | Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://wpscan.com/vulnerability/4ef99f54-68df-4353-8fc0-9b09ac0df7ba/ | Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
logichunt | logo_slider | * |