Cross-Site Scripting Vulnerability in Highwarden's Super Logos Showcase Plugin
CVE-2025-69054

7.1HIGH

Key Information:

Vendor: WordPress
Status: Super Logos Showcase
Vendor: CVE Published:; 22 January 2026

What is CVE-2025-69054?

A Cross-Site Scripting (XSS) vulnerability exists in Highwarden's Super Logos Showcase plugin, which allows an attacker to inject malicious scripts into web pages generated by the plugin. This vulnerability can lead to reflected XSS attacks, where the injected scripts are executed in the context of a user's browser. Attackers can exploit this vulnerability to steal sensitive information or perform actions on behalf of the user without their consent. The affected versions include all versions from n/a up to and including 2.8, making it crucial for users to ensure they are running the latest version to safeguard against potential exploits.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Super Logos Showcase <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/superlog...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 22, 2026
Vulnerability Reserved
Dec 29, 2025

Credit

0xd4rk5id3 | Patchstack Bug Bounty Program

JSON

WordPress