CVE-2024-10896 - Vulnerability Details

The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00069.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Logichunt	Logo Slider
Logo Slider Wordpress	Logo Slider Wordpress

Configuration 1 [-]

cpe:2.3:a:logichunt:logo_slider:*:*:*:*:*:wordpress:*:*

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/

History

Thu, 15 May 2025 18:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Logichunt Logichunt logo Slider
CPEs		cpe:2.3:a:logichunt:logo_slider::::::wordpress::*
Vendors & Products		Logichunt Logichunt logo Slider

Fri, 29 Nov 2024 16:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Logo Slider Wordpress Logo Slider Wordpress logo Slider Wordpress
Weaknesses		CWE-78
CPEs		cpe:2.3:a:logo_slider_wordpress:logo_slider_wordpress::::::::
Vendors & Products		Logo Slider Wordpress Logo Slider Wordpress logo Slider Wordpress
Metrics		cvssV3_1 `{'score': 5.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N'}` ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 28 Nov 2024 06:15:00 +0000

Type	Values Removed	Values Added
Description		The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting
Title		Logo Slider < 4.5.0 - Contributor+ Stored XSS
References		https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-11-28T06:00:12.112Z

Updated: 2024-11-29T15:39:39.900Z

Reserved: 2024-11-05T18:49:09.341Z

Link: CVE-2024-10896

Vulnrichment

Updated: 2024-11-29T15:39:32.370Z

NVD

Status : Analyzed

Published: 2024-11-28T06:15:08.233

Modified: 2025-05-15T17:35:40.350

Link: CVE-2024-10896

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object