Cross-Site Scripting Vulnerability in WEN Themes' WEN Logo Slider Product
CVE-2025-62127

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Wen Logo Slider
Vendor: CVE Published:; 7 May 2026

What is CVE-2025-62127?

The WEN Logo Slider, developed by WEN Themes, contains a Cross-Site Scripting (XSS) vulnerability that stems from improper neutralization of user input during web page generation. This security flaw allows attackers to exploit DOM-based XSS, potentially enabling them to execute malicious scripts within the context of a user's browser. This vulnerability affects all versions of the WEN Logo Slider, starting from unspecified versions up to and including version 3.4.0. Users are advised to implement security measures promptly to mitigate the risk associated with this vulnerability.

Affected Version(s)

WEN Logo Slider <= 3.4.0

References

https://patchstack.com/database/wordpress/plugin/wen-logo...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2026
Vulnerability Reserved
Oct 7, 2025

Credit

Nabil Irawan | Patchstack Bug Bounty Program

CVE-2025-62127 Data

JSON