cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forlogo-showcase-ultimate logo-showcase-ultimate

Direction: descending
Apr 11, 2025

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid # CVE-2025-32499

CVE, Research URL

CVE-2025-32499

Home page URL

Security reports for Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Application

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Date
Apr 09, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpWax Logo Showcase Ultimate allows PHP Local File Inclusion. This issue affects Logo Showcase Ultimate: from n/a through 1.4.4.
Affected versions
Min -, max -.
Status
vulnerable
Aug 28, 2024

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid # CVE-2024-8046

CVE, Research URL

CVE-2024-8046

Home page URL

Security reports for Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Application

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Date
Aug 27, 2024
Research Description
The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.
Affected versions
Min -, max -.
Status
vulnerable
Jun 07, 2024

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid # CVE-2024-1951

CVE, Research URL

CVE-2024-1951

Home page URL

Security reports for Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Application

Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid

Date
Mar 13, 2024
Research Description
The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
Affected versions
Min -, max -.
Status
vulnerable