Stored Cross-Site Scripting Vulnerability in WordPress Logo Slider Plugin
CVE-2024-10896

Currently unrated

Key Information:

Vendor: Logo Slider WordPress plugin
Affected product: Logo Slider
CVE Published: 28 November 2024

Badges

👾 Exploit Exists · 🟡 Public PoC

Summary

The Logo Slider WordPress plugin, prior to version 4.5.0, contains a critical vulnerability caused by inadequate sanitization and escaping of inputs in its Logo and Slider settings. This flaw allows attackers with high privileges, such as Contributors, to perform Stored Cross-Site Scripting (XSS) attacks. Such attacks could result in unauthorized actions being executed on behalf of other users, potentially compromising the security of the entire WordPress site.

Affected Version(s)

Logo Slider, all versions prior to 4.5.0 (0 <= version < 4.5.0)

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability reserved

Collectors

  • NVD Database
  • Mitre Database
  • 1 Proof of Concept(s)

Credit

Dmitrii Ignatyev (WPScan)