Stored Cross-Site Scripting Vulnerability in Logo Slider Plugin for WordPress
CVE-2026-13247

6.4MEDIUM

What is CVE-2026-13247?

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase plugin for WordPress contains a vulnerability that allows stored cross-site scripting due to insufficient input sanitization and output escaping in the 'lgx_tooltip_position' parameter. This flaw enables authenticated attackers with contributor-level access and above to inject malicious web scripts. These scripts execute when users visit pages affected by this vulnerability, potentially compromising user information and site integrity.

Affected Version(s)

Logo Slider WP – Responsive Logo Carousel, Logo Gallery & Logo Showcase 0 <= 5.5

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Athiwat Tiprasaharn (Jitlada)
Itthidej Aramsri (Boeing777)
.