- Description
- The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks.
- Source
- contact@wpscan.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 5.4
- Impact score
- 2.7
- Exploitability score
- 2.3
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- 134c704f-9b21-4f2e-91b3-4a467353bcc0
- CWE-79
- Hype score
- Not currently trending
CVE-2024-10473 Cross-Site Scripting Vulnerability in Logo Slider WordPress Plugin Before version 4.5.0, the Logo Slider WordPress plugin has a Cross-Site Scripting vulnerability. It doesn't properly clean up some... https://t.co/6Edk5GXUeC
@VulmonFeeds
28 Nov 2024
58 Impressions
1 Retweet
1 Like
1 Bookmark
0 Replies
0 Quotes
CVE-2024-10473 The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is … https://t.co/Ehkop86VLt
@CVEnew
28 Nov 2024
487 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes