Stored Cross-Site Scripting Vulnerability in Logo Slider Plugin for WordPress
CVE-2026-13247
6.4MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 10 July 2026
What is CVE-2026-13247?
The Logo Slider β Logo Carousel, Client Logo Slider & Brand Showcase plugin for WordPress contains a vulnerability that allows stored cross-site scripting due to insufficient input sanitization and output escaping in the 'lgx_tooltip_position' parameter. This flaw enables authenticated attackers with contributor-level access and above to inject malicious web scripts. These scripts execute when users visit pages affected by this vulnerability, potentially compromising user information and site integrity.
Affected Version(s)
Logo Slider WP β Responsive Logo Carousel, Logo Gallery & Logo Showcase 0 <= 5.5
References
CVSS V3.1
Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Athiwat Tiprasaharn (Jitlada)
Itthidej Aramsri (Boeing777)