ByteOS Network

gs_logo_slider

Source -

ADPNVD

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2024-7716

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-4.8||MEDIUM

EPSS-0.13% / 33.27%

7 Day CHG~0.00%

Published-11 Sep, 2024 | 06:00

Updated-25 Sep, 2024 | 19:35

GS Logo Slider Lite < 3.6.9 - Admin+ Stored XSS

The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Vendor-gsplugins Unknown gsplugins

Product-gs_logo_slider Logo Slider gs_logo_slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2022-4624

Assigner-WPScan

View Details

Assigner-WPScan

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 30.52%

7 Day CHG~0.00%

Published-23 Jan, 2023 | 14:31

Updated-02 Apr, 2025 | 16:15

GS Logo Slider < 3.3.8 - Contributor+ Stored XSS in Shortcode

The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.

Vendor-gsplugins Unknown

Product-gs_logo_slider GS Logo Slider

CWE ID-CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')