Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Security & Risk Analysis

wordpress.org/plugins/logo-slider-wp

Responsive Logo Slider & Grid for WordPress. Display unlimited logos in customizable carousels with infinite loop. Perfect for showcasing clients, …

10K active installs · v4.9.0 · PHP + · WP 4.3+ · Updated Dec 11, 2025
Score: 52
C · Use Caution
CVEs total: 9
Unpatched: 2
Last CVE: Mar 20, 2026
Safety Verdict

Is Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Safe to Use in 2026?

Use With Caution

Score 52/100

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin has 2 unpatched vulnerabilities. Evaluate alternatives or apply available mitigations.

9 known CVEs · 2 unpatched · Last CVE: Mar 20, 2026 · Updated 3mo ago
Risk Assessment

The "logo-slider-wp" plugin version 4.9.0 exhibits a mixed security posture. On the positive side, the code follows good practice in several areas: it uses no dangerous functions, all SQL queries use prepared statements, and it performs no file operations or external HTTP requests. The presence of nonce checks, while not universally applied, is also a positive sign. However, the plugin's attack surface raises significant concerns. Its one unprotected AJAX handler is a direct entry point for attacks that could be exploited without proper user authentication. Furthermore, the output-escaping rate of 81% indicates that while most output is handled correctly, a non-negligible portion could be vulnerable to cross-site scripting if the unescaped outputs are exploited.

The plugin's vulnerability history is a major red flag. Having a total of 8 known CVEs, with one still unpatched, suggests a recurring pattern of security weaknesses. The commonality of Cross-site Scripting (XSS) vulnerabilities in its history, coupled with the statically identified potential for unescaped output, reinforces the risk of XSS attacks. The fact that the last known vulnerability was in the future (2026-01-10) is likely a data error, but regardless, the historical trend points to a plugin that has struggled with robust security. While the current static analysis doesn't reveal critical taint flows or raw SQL issues, the combination of an unprotected entry point and a history of XSS vulnerabilities necessitates caution.

Key Concerns

  • Unprotected AJAX handler
  • Unpatched CVE
  • Medium severity CVEs (8 total)
  • Significant portion of output unescaped
  • Low number of capability checks
Vulnerabilities
9

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Security Vulnerabilities

CVEs by Year

  • 2022: 1 CVE
  • 2024: 4 CVEs
  • 2025: 2 CVEs
  • 2026: 2 CVEs · unpatched

Severity Breakdown

  • Medium: 9

9 total CVEs

CVE-2026-0609 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode

Mar 20, 2026 · Unpatched

CVE-2026-24626 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting

Jan 10, 2026 · Unpatched

CVE-2025-13153 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 12, 2025 · Patched in 4.9.0 (26d)

CVE-2024-12308 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Feb 3, 2025 · Patched in 4.6.0 (24d)

CVE-2024-10896 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Nov 7, 2024 · Patched in 4.5.0 (112d)

CVE-2024-10473 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.1.0 - Authenticated (Author+) Stored Cross-Site Scripting

Nov 7, 2024 · Patched in 4.5.0 (112d)

CVE-2024-5429 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting

Sep 26, 2024 · Patched in 4.1.0 (23d)

CVE-2024-3288 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting

May 17, 2024 · Patched in 4.0.0 (4d)

CVE-2022-4664 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Logo Slider <= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting

Dec 16, 2022 · Patched in 3.6.0 (403d)

Code Analysis
Analyzed Mar 16, 2026

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 55 (240 escaped)
  • Nonce Checks: 2
  • Capability Checks: 0
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 0

Output Escaping

81% escaped · 295 total outputs

Attack Surface
1 unprotected

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Attack Surface

Entry Points: 4
Unprotected: 1

AJAX Handlers 1

auth · wp_ajax_lgx_ls_admin_lswp_reorder · includes\class-logo-slider-wp.php:232

Shortcodes 3

[logo-slider-wp] includes\class-logo-slider-wp.php:259
[logo-slider] public\class-logo-slider-wp-public.php:66
[lgxlogoslider] public\class-logo-slider-wp-public.php:467

WordPress Hooks 28

action · admin_enqueue_scripts · includes\class-logo-slider-wp-setting.php:30
action · plugins_loaded · includes\class-logo-slider-wp.php:147
action · activated_plugin · includes\class-logo-slider-wp.php:163
action · admin_notices · includes\class-logo-slider-wp.php:164
action · admin_enqueue_scripts · includes\class-logo-slider-wp.php:167
action · admin_enqueue_scripts · includes\class-logo-slider-wp.php:168
action · init · includes\class-logo-slider-wp.php:171
action · init · includes\class-logo-slider-wp.php:172
action · init · includes\class-logo-slider-wp.php:175
action · add_meta_boxes · includes\class-logo-slider-wp.php:178
action · add_meta_boxes_logosliderwp · includes\class-logo-slider-wp.php:181
action · add_meta_boxes_lgx_lsp_shortcodes · includes\class-logo-slider-wp.php:184
filter · postbox_classes_lgx_lsp_shortcodes_lgx_lsp_shortcodes_meta_box_panel · includes\class-logo-slider-wp.php:186
action · save_post_logosliderwp · includes\class-logo-slider-wp.php:189
action · save_post_lgx_lsp_shortcodes · includes\class-logo-slider-wp.php:192
action · admin_menu · includes\class-logo-slider-wp.php:195
filter · manage_logosliderwp_posts_columns · includes\class-logo-slider-wp.php:198
action · manage_logosliderwp_posts_custom_column · includes\class-logo-slider-wp.php:201
filter · manage_lgx_lsp_shortcodes_posts_columns · includes\class-logo-slider-wp.php:206
action · manage_lgx_lsp_shortcodes_posts_custom_column · includes\class-logo-slider-wp.php:209
filter · plugin_row_meta · includes\class-logo-slider-wp.php:218
filter · manage_logosliderwp_posts_columns · includes\class-logo-slider-wp.php:222
action · manage_logosliderwp_posts_custom_column · includes\class-logo-slider-wp.php:225
action · pre_get_posts · includes\class-logo-slider-wp.php:229
action · admin_init · includes\class-logo-slider-wp.php:236
action · wp_enqueue_scripts · includes\class-logo-slider-wp.php:252
action · wp_enqueue_scripts · includes\class-logo-slider-wp.php:253
action · init · includes\class-logo-slider-wp.php:256

Maintenance & Trust

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.9.4
Last updated: Dec 11, 2025
PHP min version
Downloads: 407K

Community Trust

Rating: 88/100
Number of ratings: 58
Active installs: 10K

Alternatives

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Alternatives

No alternatives data available yet.

Developer Profile

Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin Developer Profile

LogicHunt

3 plugins · 11K total installs

Trust score: 73
Avg Security Score: 78/100
Avg Patch Time: 88 days
Detection Fingerprints

How We Detect Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/logo-slider-wp/admin/css/admin.css
  • /wp-content/plugins/logo-slider-wp/admin/js/admin.js
  • /wp-content/plugins/logo-slider-wp/public/css/style.css
  • /wp-content/plugins/logo-slider-wp/public/js/owl.carousel.min.js
  • /wp-content/plugins/logo-slider-wp/public/js/public.js
  • /wp-content/plugins/logo-slider-wp/public/js/jquery.waypoints.min.js
  • /wp-content/plugins/logo-slider-wp/public/js/jquery.counterup.min.js
  • /wp-content/plugins/logo-slider-wp/public/lib/slick/slick.min.js
  • +5 more

Script Paths

  • /wp-content/plugins/logo-slider-wp/admin/js/admin.js
  • /wp-content/plugins/logo-slider-wp/public/js/owl.carousel.min.js
  • /wp-content/plugins/logo-slider-wp/public/js/public.js
  • /wp-content/plugins/logo-slider-wp/public/js/jquery.waypoints.min.js
  • /wp-content/plugins/logo-slider-wp/public/js/jquery.counterup.min.js
  • /wp-content/plugins/logo-slider-wp/public/lib/slick/slick.min.js
  • +2 more

Version Parameters

  • logo-slider-wp/admin/css/admin.css?ver=
  • logo-slider-wp/admin/js/admin.js?ver=
  • logo-slider-wp/public/css/style.css?ver=
  • logo-slider-wp/public/js/owl.carousel.min.js?ver=
  • logo-slider-wp/public/js/public.js?ver=
  • logo-slider-wp/public/js/jquery.waypoints.min.js?ver=
  • logo-slider-wp/public/js/jquery.counterup.min.js?ver=
  • logo-slider-wp/public/lib/slick/slick.min.js?ver=
  • logo-slider-wp/public/lib/slick/slick.css?ver=
  • logo-slider-wp/public/lib/prettyphoto/prettyPhoto.css?ver=
  • logo-slider-wp/public/lib/prettyphoto/prettyPhoto.js?ver=
  • logo-slider-wp/public/lib/wow/wow.min.js?ver=
  • logo-slider-wp/public/lib/wow/animate.css?ver=

HTML / DOM Fingerprints

CSS Classes

  • logo-slider-wp
  • logo-slider-wp-frontend
  • lgx-logo-slider-wrap
  • lgx-logo-slider
  • lgx-single-logo

HTML Comments

  • <!-- Default Page -->
  • <!-- logo-slider-wp-frontend -->
  • <!-- Logo Slider Wrapper -->
  • <!-- Single Logo -->
  • +1 more

Data Attributes

  • data-lgx-slides-to-show
  • data-lgx-slides-to-scroll
  • data-lgx-autoplay
  • data-lgx-loop
  • data-lgx-arrows
  • data-lgx-dots
  • +14 more

JS Globals
logoSliderFrontend
Shortcode Output
[logo-slider-wp
FAQ

Frequently Asked Questions about Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin