Byte Open Security

(ByteOS Network)

logo_carousel

Source - ADP, NVD
CNA CVEs - 0
ADP CVEs - 1
CISA CVEs - 0
NVD CVEs - 2
3 Vulnerabilities found

CVE-2024-3020
Assigner-Wordfence
CVSS Score-7.2 | HIGH
EPSS-0.75% / 72.24%
7 Day CHG~0.00%
Published-10 Apr, 2024 | 04:30
Updated-01 Aug, 2024 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The plugin is vulnerable to PHP Object Injection in versions up to and including 2.6.3 via deserialization of untrusted input in the import function via the 'shortcode' parameter. This allows authenticated attackers with administrator-level access to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

Action-Not Available
Vendor-shapedplugin
Product-Carousel, Slider, Gallery by WP Carousel – Image Carousel & Photo Gallery, Post Carousel & Post Grid, Product Carousel & Product Grid for WooCommerce; logo_carousel; product_slider_for_woocommerce; post_grid\,_post_carousel\,_\&_list_category_posts
CVE-2021-24739
Assigner-WPScan
CVSS Score-8.1 | HIGH
EPSS-0.54% / 66.61%
7 Day CHG~0.00%
Published-21 Dec, 2021 | 08:45
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logo Carousel < 3.4.2 - Unauthorised Private Post Access

The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature.

Action-Not Available
Vendor-shapedplugin, Unknown
Product-logo_carousel; Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-24738
Assigner-WPScan
CVSS Score-5.4 | MEDIUM
EPSS-0.18% / 39.92%
7 Day CHG~0.00%
Published-21 Dec, 2021 | 08:45
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logo Carousel < 3.4.2 - Contributor+ Stored Cross-Site Scripting

The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.

Action-Not Available
Vendor-shapedplugin, Unknown
Product-logo_carousel; Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')