VulnTitan VulnTitan Security command center
Plugin Vulnerability Hub
Plugin 9 known issues Latest disclosed Mar 20, 2026

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Vulnerabilities

Review known vulnerability records for the WordPress plugin Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin (`logo-slider-wp`), including severity, CVE references, affected versions, and patch status.

View on WordPress.org Back to Feed
Known Records
9
High or Critical
0
Linked CVEs
9
Last Updated
Mar 20, 2026
Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin so operators can quickly confirm whether a disclosed issue maps to the installed slug and version range.

Patch Visibility
9 records include a published patch path.
Severity Mix
0 critical and 0 high severity findings.
Reference Workflow
Jump from the hub into the full report when you need remediation notes, CVSS vector details, or source references.
Known Vulnerabilities

Reports for Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: No CVE-2026-0609
Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-...

Published
Mar 20, 2026
Patched Release
Not published
Affected Versions
Versions up to 4.9.0
Next Step
Open the full report for remediation notes and references.
Open Full Report Open CVE Reference
Plugin Medium Patched: No CVE-2026-24626
Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject...

Published
Jan 10, 2026
Patched Release
Not published
Affected Versions
Versions up to 4.9.0
Next Step
Open the full report for remediation notes and references.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2025-13153
Logo Slider <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenti...

Published
Dec 12, 2025
Patched Release
4.9.0
Affected Versions
Versions up to 4.8.0
Next Step
Update to 4.9.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-12308
Logo Slider <= 4.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting

The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-leve...

Published
Feb 03, 2025
Patched Release
4.6.0
Affected Versions
Versions up to 4.5.0
Next Step
Update to 4.6.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-10473
Logo Slider <= 4.1.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

Published
Nov 07, 2024
Patched Release
4.5.0
Affected Versions
Versions up to 4.1.0
Next Step
Update to 4.5.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-10896
Logo Slider <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the "Brand Name" field in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributo...

Published
Nov 07, 2024
Patched Release
4.5.0
Affected Versions
Versions up to 4.1.0
Next Step
Update to 4.5.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-5429
Logo Slider <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Brand Name field in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping....

Published
Sep 26, 2024
Patched Release
4.1.0
Affected Versions
Versions up to 4.0.0
Next Step
Update to 4.1.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2024-3288
Logo Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header and subtitle parameter in all versions up to, and including, 3.9.9 due to insufficient input sanitization and outp...

Published
May 17, 2024
Patched Release
4.0.0
Affected Versions
Versions up to 3.9.9
Next Step
Update to 4.0.0 or newer if supported.
Open Full Report Open CVE Reference
Plugin Medium Patched: Yes CVE-2022-4664
Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcodes in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping in the 'lgx_output_function_dep' function. This makes it possible for contr...

Published
Dec 16, 2022
Patched Release
3.6.0
Affected Versions
Versions up to 3.5.3
Next Step
Update to 3.6.0 or newer if supported.
Open Full Report Open CVE Reference