Vulnerabilities and security researches forgs-logo-slider gs-logo-slider

Jun 07, 2024

CVE, Research URL: CVE-2022-4624
Home page URL: Security reports for Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Application: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Date: Jan 23, 2023
Research Description: The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: max 3.3.8.
Status: vulnerable

CVE, Research URL: CVE-2023-51530
Home page URL: Security reports for Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Application: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Date: Feb 29, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1.
Affected versions: max 3.5.2.
Status: vulnerable

Sep 12, 2024

CVE, Research URL: CVE-2024-7716
Home page URL: Security reports for Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Application: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Date: Sep 11, 2024
Research Description: The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Affected versions: max 3.6.9.
Status: vulnerable

Nov 08, 2024

CVE, Research URL: CVE-2024-9233
Home page URL: Security reports for Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Application: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Date: May 16, 2025
Research Description: The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
Affected versions: max 3.7.1.
Status: vulnerable

Mar 18, 2025

CVE, Research URL: CVE-2025-2262
Home page URL: Security reports for Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Application: Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Date: Mar 18, 2025
Research Description: The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Affected versions: max 3.7.4.
Status: vulnerable