Stored Cross-Site Scripting Vulnerability in Logo Carousel Plugin for WordPress
CVE-2025-2083
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 15 April 2025
What is CVE-2025-2083?
The Logo Carousel Gutenberg Block plugin allows authenticated attackers with Contributor-level access and above to exploit a Stored Cross-Site Scripting vulnerability via the 'sliderId' parameter. This issue arises from insufficient input sanitization and output escaping, permitting the injection of arbitrary web scripts. When a user accesses a page with the injected script, it executes, potentially leading to compromised user data and site integrity.
Affected Version(s)
Logo Carousel Gutenberg Block * <= 2.1.6