[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fHEJTcRNJfEmnYBBchg4thh9vmLPalmKHn5x_Q3DUw-g":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":20,"download_link":21,"security_score":22,"vuln_count":23,"unpatched_count":24,"last_vuln_date":25,"fetched_at":26,"vulnerabilities":27,"developer":132,"crawl_stats":33,"alternatives":139,"analysis":140,"fingerprints":380},"logo-slider-wp","Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin","4.9.0","LogicHunt","https:\u002F\u002Fprofiles.wordpress.org\u002Flogichunt\u002F","\u003Cp>Lightning-Fast Logo Sliders & Grids for WordPress.  Showcase clients, partners, or sponsors in minutes with the Logo Slider plugin.  Create stunning, responsive logo displays with smooth animations and customizable layouts – no coding required! Enhance your website’s credibility and design effortlessly.\u003C\u002Fp>\n\u003Ch3>Logo Slider by \u003Ca href=\"https:\u002F\u002Flogichunt.com\" rel=\"nofollow ugc\">LogicHunt.com\u003C\u002Fa>\u003C\u002Fh3>\n\u003Cblockquote>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Fdemo.logichunt.com\u002Flogo-slider-wp\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Live Demo\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Fdocs.logichunt.com\u002Flogo-slider-wp\" rel=\"nofollow ugc\">\u003Cstrong>Docs\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Flogichunt.com\u002Fsupport\" rel=\"nofollow ugc\">\u003Cstrong>Support\u003C\u002Fstrong>\u003C\u002Fa>  | \u003Ca href=\"https:\u002F\u002Flogichunt.com\u002Fproduct\u002Fwordpress-logo-slider\" rel=\"nofollow ugc\">\u003Cstrong>Get Premium Version\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>Logo Slider is a responsive and easy to use Logo Showcase carousel slider plugin for wordpress. With this Logo Slider plugin you can display a list of clients, supporters, partners, team or sponsors logos in your website. You can Create a grid of images with suitable links. This logo showcase plugin works great on mobiles and tablets.\u003C\u002Fp>\n\u003Cp>This Logo Carousel plugin allows you to add a logo showcase to any page of your wordPress site using an easy to use shortcodes. This Logo Carousel Slider Can Display Unlimited Logo with Infinity Slides Loop. Don’t miss out on the opportunity to elevate your WordPress website with our powerful Logo Slider, Carousel, and Showcase Plugin.\u003C\u002Fp>\n\u003Cp>It’s a very simple, highly customizable & easy to implement 100% responsive Logo Carousel Slider & Grid Showcase WordPress Plugin. Control Almost Everything from Strong Admin Settings. No need for any coding skills to showcase your company or client’s brand logo. \u003Cstrong>Enjoy Without Any Annoying Admin Notice.\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Ch4>The Best WordPress Logo Showcase Carousel Slider with Unlimited Brand Logo with Infinity Slides Loop. Full Responsive, Multi-usage & Easy to Use.\u003C\u002Fh4>\n\u003Cp>Enhance the visual appeal and professionalism of your WordPress website with our cutting-edge WordPress Logo Slider plugin. Designed to effortlessly display your logo collection, this powerful plugin offers three dynamic and customizable options: Logo Slider, Logo Carousel, and Logo Showcase.\u003C\u002Fp>\n\u003Cp>Whether you’re a business owner, freelancer, or creative agency, our plugin is the perfect solution for showcasing your partners, sponsors, clients, or brands in a stunning and interactive manner.\u003C\u002Fp>\n\u003Cp>Download it now from the official WordPress plugin directory and take your website’s visual presentation to the next level!\u003C\u002Fp>\n\u003Ch4>Key Features:\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>\n\u003Cp>Logo Slider: Transform your website’s appearance with an elegant logo slider that smoothly scrolls through your logo collection. Choose from various slider styles, including horizontal and vertical layouts, to best complement your website’s design. Adjust the slider speed, navigation options, and animation effects to create a captivating user experience.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Logo Carousel: Add a touch of sophistication to your website with a mesmerizing logo carousel. Allow your visitors to effortlessly glide through your logo gallery using swipe or navigation buttons. Customize the carousel’s dimensions, autoplay settings, and transition effects to match your website’s aesthetics.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Logo Showcase: Present your logos in a visually engaging and interactive showcase format. Display logos in a grid or masonry layout with adjustable spacing and dimensions. Enable lightbox functionality, so visitors can view larger versions of your logos and gain more information about each brand. You can also add custom captions or descriptions to further enhance the showcase’s impact.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Seamless Integration: Our plugin seamlessly integrates with your WordPress website, ensuring a hassle-free installation process. It is fully compatible with popular WordPress themes and works flawlessly across different devices and screen sizes, providing a consistent and optimized user experience.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Easy-to-Use Interface: Our user-friendly interface allows you to effortlessly upload, manage, and organize your logo collection. Simply drag and drop logos, reorder them as desired, and customize their appearance with various styling options. No coding knowledge is required!\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Advanced Customization: Tailor the plugin to your specific needs with advanced customization options. Choose from a wide range of pre-designed templates, color schemes, and fonts, or create your own unique styles to match your brand identity. The plugin also supports adding custom CSS for further customization possibilities.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003Cli>\n\u003Cp>Performance Optimization: We understand the importance of website performance. Our plugin is lightweight and optimized for speed, ensuring minimal impact on your site’s loading times. Additionally, the plugin is SEO-friendly, allowing search engines to crawl and index your logo content effectively.\u003C\u002Fp>\n\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Basic Input Fields\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Logo Image\u003C\u002Fli>\n\u003Cli>Brand or Company Name\u003C\u002Fli>\n\u003Cli>Tooltip Text\u003C\u002Fli>\n\u003Cli>Brand URL\u003C\u002Fli>\n\u003Cli>Item Description\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>What’s New?\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>One-Click Shortcode Generator.\u003C\u002Fli>\n\u003Cli>Grid and Slider Layouts.\u003C\u002Fli>\n\u003Cli>Add Unlimited Showcase and Logo Item.\u003C\u002Fli>\n\u003Cli>Separate Settings for Each Shortcode\u002FShowcase.\u003C\u002Fli>\n\u003Cli>100+ Hover Animation and Effect.\u003C\u002Fli>\n\u003Cli>Custom Tooltip Text for Each Logo.\u003C\u002Fli>\n\u003Cli>Smooth Ticker Enabled Carousel Slider.\u003C\u002Fli>\n\u003Cli>Coverflow Transition Effect.\u003C\u002Fli>\n\u003Cli>Lazy Loading Carousel Slider.\u003C\u002Fli>\n\u003Cli>Full True RTL Supported. \u003C\u002Fli>\n\u003Cli>Grid Image Vertically Top, Bottom, & Center Alignment.\u003C\u002Fli>\n\u003Cli>Fully Customizable Title and Subtitle of the Showcase Area Header.\u003C\u002Fli>\n\u003Cli>Set tooltip text, background, border and arrows color and dimension.\u003C\u002Fli>\n\u003Cli>Adjust Item title & description font size, color, weight and  bottom margin.\u003C\u002Fli>\n\u003Cli>Set Showcase Area Background IMAGE\u002FCOLOR, Overlay Color, Width, Padding, Margin etc. \u003C\u002Fli>\n\u003Cli>Logo Item Can Be sorted as ASC\u002F DESC order by Custom Drag & Drop, Title, Date, or Randomly.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Features of the plugin includes\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Show unlimited logos.\u003C\u002Fli>\n\u003Cli>Reorder logos by Drag & Drop.\u003C\u002Fli>\n\u003Cli>Easy To Use – no coding required.\u003C\u002Fli>\n\u003Cli>User-friendly Shortcode Generator.\u003C\u002Fli>\n\u003Cli>100% Responsive and Mobile friendly.\u003C\u002Fli>\n\u003Cli>Generate unlimited showcase shortcode.  \u003C\u002Fli>\n\u003Cli>Control the number of showcase columns on different Device Viewport.\u003C\u002Fli>\n\u003Cli>Fastest Support By Core Developer Team.\u003C\u002Fli>\n\u003Cli>Image, Link, Title, Tooltip Text  & Description option for each item.\u003C\u002Fli>\n\u003Cli>Enable\u002Fdisable full item or logo image border-color, width, radius & hover color.   \u003C\u002Fli>\n\u003Cli>Enable\u002FDisable section header.\u003C\u002Fli>\n\u003Cli>CSS3 based animation effects.\u003C\u002Fli>\n\u003Cli>Custom Link for each item.\u003C\u002Fli>\n\u003Cli>Use multiple instances on same Page.\u003C\u002Fli>\n\u003Cli>Infinity slides loop.\u003C\u002Fli>\n\u003Cli>Smooth auto-play\u002F Ticker Carousel Slider.\u003C\u002Fli>\n\u003Cli>Enable\u002FDisable auto-play.\u003C\u002Fli>\n\u003Cli>Control carousel sliding speed.\u003C\u002Fli>\n\u003Cli>Customize slider pagination & dots color.\u003C\u002Fli>\n\u003Cli>Show Nav\u002F Dot on Over.\u003C\u002Fli>\n\u003Cli>Slider auto pause On Hover.\u003C\u002Fli>\n\u003Cli>Infinite loop for the slider.\u003C\u002Fli>\n\u003Cli>Control slider transition Speed & Delay.\u003C\u002Fli>\n\u003Cli>Carousel item vertically top and middle alignment.\u003C\u002Fli>\n\u003Cli>Icon & text based navigation button.\u003C\u002Fli>\n\u003Cli>Lazy load enabled carousel slider.\u003C\u002Fli>\n\u003Cli>Pagination and active color.\u003C\u002Fli>\n\u003Cli>Show\u002Fhide pagination on mobile.\u003C\u002Fli>\n\u003Cli>Set a maximum number of item to show.\u003C\u002Fli>\n\u003Cli>Show\u002Fhide navigation arrows & pagination dots.\u003C\u002Fli>\n\u003Cli>Control slider pagination speed.\u003C\u002Fli>\n\u003Cli>Responsive & touch friendly slides.\u003C\u002Fli>\n\u003Cli>Touch and Swipe enabled navigation.\u003C\u002Fli>\n\u003Cli>Mouse Draggable & Grab Cursor style.\u003C\u002Fli>\n\u003Cli>Preloader Settings\u003C\u002Fli>\n\u003Cli>Control Tooltip position. \u003C\u002Fli>\n\u003Cli>Five tooltip animation.\u003C\u002Fli>\n\u003Cli>Set tooltip animation duration & delay. \u003C\u002Fli>\n\u003Cli>Hover and click tooltip trigger type.\u003C\u002Fli>\n\u003Cli>Background image & overlay color for slider area.\u003C\u002Fli>\n\u003Cli>100+ hover animation and Effect for showcase.\u003C\u002Fli>\n\u003Cli>Works on iOS, Android and latest Desktop browsers\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>For fast support, features request, and bug reporting\u003C\u002Fh4>\n\u003Cp>If you have any problem or feature request for this plugin, please feel free to contact us!\u003Cbr \u002F>\n \u003Ca href=\"https:\u002F\u002Flogichunt.com\u002Fcontact-us\" rel=\"nofollow ugc\">\u003Cstrong>Contact Us!\u003C\u002Fstrong>\u003C\u002Fa> | \u003Ca href=\"https:\u002F\u002Flogichunt.com\u002Fsupport\u002F\" rel=\"nofollow ugc\">\u003Cstrong>Get Support\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>PREMIUM UPGRADE\u003C\u002Fh4>\n\u003Cp>For premium upgrade, please go  \u003Ca href=\"https:\u002F\u002Flogichunt.com\u002Fproduct\u002Fwordpress-logo-slider\" rel=\"nofollow ugc\">\u003Cstrong>here\u003C\u002Fstrong>\u003C\u002Fa>\u003C\u002Fp>\n","Responsive Logo Slider & Grid for WordPress. Display unlimited logos in customizable carousels with infinite loop. Perfect for showcasing clients, &hellip;",10000,407418,88,58,"2025-12-11T02:57:00.000Z","6.9.4","4.3","",[],"https:\u002F\u002Flogichunt.com\u002Fproduct\u002Fwordpress-logo-slider\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flogo-slider-wp.4.9.0.zip",52,9,2,"2026-03-20 15:20:04","2026-03-15T15:16:48.613Z",[28,42,51,62,76,88,96,108,120],{"id":29,"url_slug":30,"title":31,"description":32,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":25,"updated_date":39,"references":40,"days_to_patch":33},"CVE-2026-0609","logo-slider-authenticated-author-stored-cross-site-scripting-via-logo-slider-shortcode","Logo Slider \u003C= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting via 'logo-slider' Shortcode","The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image alt text in all versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping in the 'logo-slider' shortcode. This makes it possible for authenticated attackers, with author level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=4.9.0","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-03-21 03:27:01",[41],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fb94f388a-c4af-4d3a-bd41-9b2d5d990672?source=api-prod",{"id":43,"url_slug":44,"title":45,"description":46,"plugin_slug":4,"theme_slug":33,"affected_versions":34,"patched_in_version":33,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":47,"updated_date":48,"references":49,"days_to_patch":33},"CVE-2026-24626","logo-slider-authenticated-author-stored-cross-site-scripting","Logo Slider \u003C= 4.9.0 - Authenticated (Author+) Stored Cross-Site Scripting","The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2026-01-10 05:40:49","2026-02-03 13:48:06",[50],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fa6b5cca3-7911-4bb0-b54b-ae19ce570c5c?source=api-prod",{"id":52,"url_slug":53,"title":54,"description":55,"plugin_slug":4,"theme_slug":33,"affected_versions":56,"patched_in_version":6,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":57,"updated_date":58,"references":59,"days_to_patch":61},"CVE-2025-13153","logo-slider-authenticated-contributor-stored-cross-site-scripting","Logo Slider \u003C= 4.8.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.8.0","2025-12-12 00:00:00","2026-01-06 16:00:20",[60],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F46abb44e-bfa8-4b36-bd5d-b27e18fbb0f3?source=api-prod",26,{"id":63,"url_slug":64,"title":65,"description":66,"plugin_slug":4,"theme_slug":33,"affected_versions":67,"patched_in_version":68,"severity":35,"cvss_score":69,"cvss_vector":70,"vuln_type":38,"published_date":71,"updated_date":72,"references":73,"days_to_patch":75},"CVE-2024-12308","logo-slider-authenticated-admin-stored-cross-site-scripting","Logo Slider \u003C= 4.5.0 - Authenticated (Admin+) Stored Cross-Site Scripting","The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 4.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.","\u003C=4.5.0","4.6.0",4.4,"CVSS:3.1\u002FAV:N\u002FAC:H\u002FPR:H\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","2025-02-03 00:00:00","2025-02-26 22:46:26",[74],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F1d2ae0d0-f666-4750-9ce0-70a061fe2a49?source=api-prod",24,{"id":77,"url_slug":78,"title":79,"description":80,"plugin_slug":4,"theme_slug":33,"affected_versions":81,"patched_in_version":82,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":83,"updated_date":84,"references":85,"days_to_patch":87},"CVE-2024-10896","logo-slider-authenticated-contributor-stored-cross-site-scripting-5","Logo Slider \u003C= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the \"Brand Name\" field in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.1.0","4.5.0","2024-11-07 00:00:00","2025-02-26 22:46:47",[86],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fd6cc17a6-994c-4ac4-8175-263add849b1b?source=api-prod",112,{"id":89,"url_slug":90,"title":91,"description":92,"plugin_slug":4,"theme_slug":33,"affected_versions":81,"patched_in_version":82,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":83,"updated_date":93,"references":94,"days_to_patch":87},"CVE-2024-10473","logo-slider-authenticated-author-stored-cross-site-scripting-2","Logo Slider \u003C= 4.1.0 - Authenticated (Author+) Stored Cross-Site Scripting","The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","2025-02-26 22:46:57",[95],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Ffa1c526d-b751-4461-9e54-e7704ca8ddc3?source=api-prod",{"id":97,"url_slug":98,"title":99,"description":100,"plugin_slug":4,"theme_slug":33,"affected_versions":101,"patched_in_version":102,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":103,"updated_date":104,"references":105,"days_to_patch":107},"CVE-2024-5429","logo-slider-authenticated-contributor-stored-cross-site-scripting-4","Logo Slider \u003C= 4.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Brand Name field in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=4.0.0","4.1.0","2024-09-26 00:00:00","2024-10-18 14:51:33",[106],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F7ad6aaf4-7727-4b4a-920a-0d1754405163?source=api-prod",23,{"id":109,"url_slug":110,"title":111,"description":112,"plugin_slug":4,"theme_slug":33,"affected_versions":113,"patched_in_version":114,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":115,"updated_date":116,"references":117,"days_to_patch":119},"CVE-2024-3288","logo-slider-authenticated-contributor-stored-cross-site-scripting-2","Logo Slider \u003C= 3.9.9 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the header and subtitle parameter in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.9.9","4.0.0","2024-05-17 00:00:00","2024-05-20 14:45:48",[118],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F6bcd770c-a93e-4622-8c19-d0c64aad9768?source=api-prod",4,{"id":121,"url_slug":122,"title":123,"description":124,"plugin_slug":4,"theme_slug":33,"affected_versions":125,"patched_in_version":126,"severity":35,"cvss_score":36,"cvss_vector":37,"vuln_type":38,"published_date":127,"updated_date":128,"references":129,"days_to_patch":131},"CVE-2022-4664","logo-slider-authenticated-contributor-stored-cross-site-scripting-3","Logo Slider \u003C= 3.5.3 - Authenticated (Contributor+) Stored Cross-Site Scripting","The Logo Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via numerous shortcodes in versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping in the 'lgx_output_function_dep' function. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","\u003C=3.5.3","3.6.0","2022-12-16 00:00:00","2024-01-22 19:56:02",[130],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F723ed5c7-041f-4e03-83ad-43438e3265a1?source=api-prod",403,{"slug":133,"display_name":7,"profile_url":8,"plugin_count":134,"total_installs":135,"avg_security_score":136,"avg_patch_time_days":13,"trust_score":137,"computed_at":138},"logichunt",3,11200,78,73,"2026-04-04T21:17:53.048Z",[],{"attackSurface":141,"codeSignals":244,"taintFlows":361,"riskAssessment":362,"analyzedAt":379},{"hooks":142,"ajaxHandlers":224,"restRoutes":229,"shortcodes":230,"cronEvents":242,"entryPointCount":119,"unprotectedCount":243},[143,148,153,156,159,161,163,166,168,170,173,176,179,183,186,189,192,195,198,201,204,207,209,211,214,217,220,222],{"type":144,"name":145,"callback":145,"file":146,"line":147},"action","admin_enqueue_scripts","includes\\class-logo-slider-wp-setting.php",30,{"type":144,"name":149,"callback":150,"file":151,"line":152},"plugins_loaded","anonymous","includes\\class-logo-slider-wp.php",147,{"type":144,"name":154,"callback":150,"file":151,"line":155},"activated_plugin",163,{"type":144,"name":157,"callback":150,"file":151,"line":158},"admin_notices",164,{"type":144,"name":145,"callback":150,"file":151,"line":160},167,{"type":144,"name":145,"callback":150,"file":151,"line":162},168,{"type":144,"name":164,"callback":150,"file":151,"line":165},"init",171,{"type":144,"name":164,"callback":150,"file":151,"line":167},172,{"type":144,"name":164,"callback":150,"file":151,"line":169},175,{"type":144,"name":171,"callback":150,"file":151,"line":172},"add_meta_boxes",178,{"type":144,"name":174,"callback":150,"file":151,"line":175},"add_meta_boxes_logosliderwp",181,{"type":144,"name":177,"callback":150,"file":151,"line":178},"add_meta_boxes_lgx_lsp_shortcodes",184,{"type":180,"name":181,"callback":150,"file":151,"line":182},"filter","postbox_classes_lgx_lsp_shortcodes_lgx_lsp_shortcodes_meta_box_panel",186,{"type":144,"name":184,"callback":150,"file":151,"line":185},"save_post_logosliderwp",189,{"type":144,"name":187,"callback":150,"file":151,"line":188},"save_post_lgx_lsp_shortcodes",192,{"type":144,"name":190,"callback":150,"file":151,"line":191},"admin_menu",195,{"type":180,"name":193,"callback":150,"file":151,"line":194},"manage_logosliderwp_posts_columns",198,{"type":144,"name":196,"callback":150,"file":151,"line":197},"manage_logosliderwp_posts_custom_column",201,{"type":180,"name":199,"callback":150,"file":151,"line":200},"manage_lgx_lsp_shortcodes_posts_columns",206,{"type":144,"name":202,"callback":150,"file":151,"line":203},"manage_lgx_lsp_shortcodes_posts_custom_column",209,{"type":180,"name":205,"callback":150,"file":151,"line":206},"plugin_row_meta",218,{"type":180,"name":193,"callback":150,"file":151,"line":208},222,{"type":144,"name":196,"callback":150,"file":151,"line":210},225,{"type":144,"name":212,"callback":150,"file":151,"line":213},"pre_get_posts",229,{"type":144,"name":215,"callback":150,"file":151,"line":216},"admin_init",236,{"type":144,"name":218,"callback":150,"file":151,"line":219},"wp_enqueue_scripts",252,{"type":144,"name":218,"callback":150,"file":151,"line":221},253,{"type":144,"name":164,"callback":150,"file":151,"line":223},256,[225],{"action":226,"nopriv":227,"callback":150,"hasNonce":227,"hasCapCheck":227,"file":151,"line":228},"lgx_ls_admin_lswp_reorder",false,232,[],[231,234,238],{"tag":4,"callback":232,"file":151,"line":233},"logo_slider_wp_shortcode_function_dep",259,{"tag":235,"callback":232,"file":236,"line":237},"logo-slider","public\\class-logo-slider-wp-public.php",66,{"tag":239,"callback":240,"file":236,"line":241},"lgxlogoslider","display_lgx_logo_slider",467,[],1,{"dangerousFunctions":245,"sqlUsage":246,"outputEscaping":249,"fileOperations":247,"externalRequests":247,"nonceChecks":24,"capabilityChecks":247,"bundledLibraries":360},[],{"prepared":247,"raw":247,"locations":248},0,[],{"escaped":250,"rawEcho":251,"locations":252},240,55,[253,257,259,261,263,265,267,270,272,275,276,278,280,282,284,286,288,290,292,294,296,298,300,302,304,306,308,310,313,315,317,318,320,322,324,326,328,330,332,334,336,338,339,340,342,344,347,349,351,352,353,355,356,358,359],{"file":254,"line":255,"context":256},"admin\\class-logo-slider-wp-admin.php",506,"raw output",{"file":254,"line":258,"context":256},524,{"file":254,"line":260,"context":256},582,{"file":254,"line":262,"context":256},1091,{"file":254,"line":264,"context":256},1096,{"file":266,"line":119,"context":256},"admin\\partials\\shortcode_meta_display\\__meta_fields_lsp_shortcodes_header.php",{"file":268,"line":269,"context":256},"admin\\partials\\shortcode_meta_display\\__meta_fields_lsp_shortcodes_help_block.php",7,{"file":268,"line":271,"context":256},19,{"file":273,"line":274,"context":256},"admin\\partials\\sidebar.php",11,{"file":273,"line":274,"context":256},{"file":273,"line":277,"context":256},12,{"file":146,"line":279,"context":256},113,{"file":146,"line":281,"context":256},183,{"file":146,"line":283,"context":256},207,{"file":146,"line":285,"context":256},244,{"file":146,"line":287,"context":256},267,{"file":146,"line":289,"context":256},289,{"file":146,"line":291,"context":256},310,{"file":146,"line":293,"context":256},326,{"file":146,"line":295,"context":256},336,{"file":146,"line":297,"context":256},349,{"file":146,"line":299,"context":256},365,{"file":146,"line":301,"context":256},384,{"file":146,"line":303,"context":256},400,{"file":146,"line":305,"context":256},416,{"file":146,"line":307,"context":256},496,{"file":146,"line":309,"context":256},508,{"file":311,"line":312,"context":256},"includes\\LgxMetaForm.php",77,{"file":311,"line":314,"context":256},111,{"file":311,"line":316,"context":256},160,{"file":311,"line":182,"context":256},{"file":311,"line":319,"context":256},227,{"file":311,"line":321,"context":256},266,{"file":311,"line":323,"context":256},302,{"file":311,"line":325,"context":256},338,{"file":311,"line":327,"context":256},379,{"file":311,"line":329,"context":256},437,{"file":311,"line":331,"context":256},477,{"file":311,"line":333,"context":256},519,{"file":335,"line":243,"context":256},"public\\partials\\template\\view-default.php",{"file":335,"line":337,"context":256},6,{"file":335,"line":269,"context":256},{"file":335,"line":274,"context":256},{"file":335,"line":341,"context":256},76,{"file":343,"line":277,"context":256},"public\\partials\\template\\_header.php",{"file":345,"line":346,"context":256},"public\\partials\\template\\_item.php",42,{"file":345,"line":348,"context":256},46,{"file":345,"line":350,"context":256},47,{"file":345,"line":350,"context":256},{"file":345,"line":350,"context":256},{"file":345,"line":354,"context":256},48,{"file":345,"line":354,"context":256},{"file":345,"line":357,"context":256},62,{"file":345,"line":357,"context":256},{"file":345,"line":357,"context":256},[],[],{"summary":363,"deductions":364},"The \"logo-slider-wp\" plugin version 4.9.0 exhibits a mixed security posture. On the positive side, the code demonstrates good practices in several areas, including the absence of dangerous functions, all SQL queries utilizing prepared statements, and a lack of file operations or external HTTP requests. The presence of nonce checks, while not universally applied, is also a positive sign. However, significant concerns arise from the plugin's attack surface. With one unprotected AJAX handler, this presents a direct entry point for potential attacks that could be exploited without proper user authentication. Furthermore, the high percentage of output escaping (81%) indicates that while most output is handled correctly, there's still a non-negligible portion that could be vulnerable to cross-site scripting if the unsanitized outputs are exploited.\n\nThe plugin's vulnerability history is a major red flag. Having a total of 8 known CVEs, with one still unpatched, suggests a recurring pattern of security weaknesses. The commonality of Cross-site Scripting (XSS) vulnerabilities in its history, coupled with the statically identified potential for unescaped output, reinforces the risk of XSS attacks. The fact that the last known vulnerability was in the future (2026-01-10) is likely a data error, but regardless, the historical trend points to a plugin that has struggled with robust security. While the current static analysis doesn't reveal critical taint flows or raw SQL issues, the combination of an unprotected entry point and a history of XSS vulnerabilities necessitates caution.",[365,368,371,374,377],{"reason":366,"points":367},"Unprotected AJAX handler",10,{"reason":369,"points":370},"Unpatched CVE",15,{"reason":372,"points":373},"Medium severity CVEs (8 total)",8,{"reason":375,"points":376},"Significant portion of output unescaped",5,{"reason":378,"points":376},"Low number of capability checks","2026-03-16T17:38:45.229Z",{"wat":381,"direct":412},{"assetPaths":382,"generatorPatterns":396,"scriptPaths":397,"versionParams":398},[383,384,385,386,387,388,389,390,391,392,393,394,395],"\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fadmin\u002Fcss\u002Fadmin.css","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fadmin\u002Fjs\u002Fadmin.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Fcss\u002Fstyle.css","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Fjs\u002Fowl.carousel.min.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Fjs\u002Fpublic.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Fjs\u002Fjquery.waypoints.min.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Fjs\u002Fjquery.counterup.min.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fslick\u002Fslick.min.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fslick\u002Fslick.css","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fprettyphoto\u002FprettyPhoto.css","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fprettyphoto\u002FprettyPhoto.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fwow\u002Fwow.min.js","\u002Fwp-content\u002Fplugins\u002Flogo-slider-wp\u002Fpublic\u002Flib\u002Fwow\u002Fanimate.css",[],[384,386,387,388,389,390,393,394],[399,400,401,402,403,404,405,406,407,408,409,410,411],"logo-slider-wp\u002Fadmin\u002Fcss\u002Fadmin.css?ver=","logo-slider-wp\u002Fadmin\u002Fjs\u002Fadmin.js?ver=","logo-slider-wp\u002Fpublic\u002Fcss\u002Fstyle.css?ver=","logo-slider-wp\u002Fpublic\u002Fjs\u002Fowl.carousel.min.js?ver=","logo-slider-wp\u002Fpublic\u002Fjs\u002Fpublic.js?ver=","logo-slider-wp\u002Fpublic\u002Fjs\u002Fjquery.waypoints.min.js?ver=","logo-slider-wp\u002Fpublic\u002Fjs\u002Fjquery.counterup.min.js?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fslick\u002Fslick.min.js?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fslick\u002Fslick.css?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fprettyphoto\u002FprettyPhoto.css?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fprettyphoto\u002FprettyPhoto.js?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fwow\u002Fwow.min.js?ver=","logo-slider-wp\u002Fpublic\u002Flib\u002Fwow\u002Fanimate.css?ver=",{"cssClasses":413,"htmlComments":418,"htmlAttributes":424,"restEndpoints":445,"jsGlobals":446,"shortcodeOutput":448},[4,414,415,416,417],"logo-slider-wp-frontend","lgx-logo-slider-wrap","lgx-logo-slider","lgx-single-logo",[419,420,421,422,423],"\u003C!-- Default Page -->","\u003C!-- logo-slider-wp-frontend -->","\u003C!-- Logo Slider Wrapper -->","\u003C!-- Single Logo -->","\u003C!-- for Pro -->",[425,426,427,428,429,430,431,432,433,434,435,436,437,438,439,440,441,442,443,444],"data-lgx-slides-to-show","data-lgx-slides-to-scroll","data-lgx-autoplay","data-lgx-loop","data-lgx-arrows","data-lgx-dots","data-lgx-mobile-nav","data-lgx-desktop-nav","data-lgx-pause-on-hover","data-lgx-smart-speed","data-lgx-speed","data-lgx-margin","data-lgx-fade-out","data-lgx-center-mode","data-lgx-variable-width","data-lgx-rtl","data-lgx-lazy-load","data-lgx-vertical","data-lgx-vertical-height","data-lgx-slides-per-group",[],[447],"logoSliderFrontend",[449],"[logo-slider-wp"]