CVE-2024-10896 - Vulnerability Details

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00112.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Logichunt Subscribe	Logo Slider Subscribe
Logo Slider Wordpress Subscribe	Logo Slider Wordpress Subscribe

Configuration 1 [-]

cpe:2.3:a:logichunt:logo_slider:*:*:*:*:*:wordpress:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/

History

Fri, 16 May 2025 03:00:00 +0900

Type	Values Removed	Values Added
First Time appeared		Logichunt Logichunt logo Slider
CPEs		cpe:2.3:a:logichunt:logo_slider::::::wordpress::*
Vendors & Products		Logichunt Logichunt logo Slider

Sat, 30 Nov 2024 01:15:00 +0900

Type	Values Removed	Values Added
First Time appeared		Logo Slider Wordpress Logo Slider Wordpress logo Slider Wordpress
Weaknesses		CWE-78
CPEs		cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress::::::::
Vendors & Products		Logo Slider Wordpress Logo Slider Wordpress logo Slider Wordpress
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 28 Nov 2024 15:15:00 +0900

Type	Values Removed	Values Added
Description		The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
Title		Logo Slider < 4.5.0 - Contributor+ Stored XSS
References		https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-28T06:00:12.112Z

Updated: 2024-11-29T15:39:39.900Z

Reserved: 2024-11-05T18:49:09.341Z

Link: CVE-2024-10896

Vulnrichment

Updated: 2024-11-29T15:39:32.370Z

NVD

Status : Analyzed

Published: 2024-11-28T06:15:08.233

Modified: 2025-05-15T17:35:40.350

Link: CVE-2024-10896

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-78

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object