Stored Cross-Site Scripting vulnerability in The Logo Slider WordPress plugin
CVE-2024-5429

Currently unrated

Key Information:

Vendor: The Logo Slider WordPress plugin
Status: Logo Slider
Vendor: CVE Published:; 17 October 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Logo Slider WordPress plugin before 4.1.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks

Affected Version(s)

Logo Slider 0 < 4.1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5429 - Proof of Concept

References

https://wpscan.com/vulnerability/ddb76c88-aeca-42df-830e-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Oct 17, 2024
👾
Exploit known to exist
Oct 17, 2024
Vulnerability published
Oct 17, 2024
Vulnerability Reserved
May 28, 2024

Collectors

NVD DatabaseMitre Database1 Proof of Concept(s)

Credit

Dmitrii Ignatyev

WPScan