Cross-Site Scripting Vulnerability in Logo Slider WordPress Plugin
CVE-2024-10473


Key Information:

  • Vendor: Logo Slider WordPress plugin

  • Product: Logo Slider

  • CVE Published: 28 November 2024

Badges

  • 👾 Exploit Exists

  • 🟡 Public PoC

Summary

CVE-2024-10473 is a Cross-Site Scripting (XSS) vulnerability in the Logo Slider WordPress plugin, affecting versions before 4.5.0. The plugin does not sanitize or escape certain Logo Settings before rendering them on pages that contain the Logo Slider shortcode. As a result, low-privileged users, such as those with the Author role, can inject script into those settings and have it execute in the browser of anyone who views a page with the shortcode. Successful exploitation may allow actions to be performed on behalf of other users and compromise the security of the site. Site administrators should update the plugin to version 4.5.0 or later to mitigate the issue.
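The summary above describes settings that are written into shortcode output without escaping. The following is an added illustration of that pattern and its fix; it is not the Logo Slider plugin's own code (the plugin source is not on this page), and the setting names, the `esc_attr_stub`/`esc_html_stub` helpers and the sample values are all constructed for the example. Plain-PHP stand-ins are used so the file runs without WordPress; in a real plugin the equivalents are `esc_attr()`, `esc_html()` and `esc_url()`.

```php
<?php
// Added illustration (not the Logo Slider plugin's code): a shortcode-style
// renderer that prints saved "logo settings" into page HTML.
// The vulnerable variant interpolates stored values raw, which is the pattern
// CVE-2024-10473 describes; the hardened variant escapes each value for the
// HTML context it lands in.

// Constructed sample settings, as a low-privileged user could save them.
// (Hypothetical setting names; chosen only for the example.)
$settings = [
    'title'      => 'Our partners <script>alert(1)</script>',
    'link_class' => 'logo" onmouseover="alert(1)',
];

// Stand-ins for WordPress esc_attr() / esc_html(); both encode the characters
// that would otherwise end an attribute or open a tag.
function esc_attr_stub(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
function esc_html_stub(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Vulnerable: settings dropped into markup unescaped, so the stored values
// break out of the attribute and inject a script element.
function render_logo_slider_vulnerable(array $s): string {
    return '<div class="' . $s['link_class'] . '"><h2>' . $s['title'] . '</h2></div>';
}

// Hardened: escape on output, per context (attribute value vs. text node).
function render_logo_slider_hardened(array $s): string {
    return '<div class="' . esc_attr_stub($s['link_class']) . '"><h2>'
         . esc_html_stub($s['title']) . '</h2></div>';
}

echo "Vulnerable output:\n", render_logo_slider_vulnerable($settings), "\n\n";
echo "Hardened output:\n", render_logo_slider_hardened($settings), "\n";
```

Run with `php example.php` to see the two renderings side by side. Escaping at output time is the fix the advisory's wording points to; as defence in depth, settings should also be sanitized when they are saved (for example with `sanitize_text_field()` or `wp_kses_post()`), and the save handler should check that the user actually holds the capability the settings page requires.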

Affected Version(s)

Logo Slider: all versions before 4.5.0 (0 ≤ version < 4.5.0)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

Timeline

  • 🟡 Public PoC available

  • 👾 Exploit known to exist

  • Vulnerability published

  • Vulnerability reserved

Collectors

  • NVD Database

  • Mitre Database

  • 1 Proof of Concept(s)

Credit

Dmitrii Ignatyev
WPScan