CVE-2024-5429

Name of the Vulnerable Software and Affected Versions: The Logo Slider WordPress plugin versions prior to 4.1.0

Description: The issue concerns the Logo Slider WordPress plugin, which does not validate and escape some of its Slider Settings before outputting them back in attributes. This could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. An attacker could inject malicious scripts.

Recommendations: For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the Slider Settings to minimize the risk of exploitation. Avoid using unvalidated and unescaped attributes in the Slider Settings until the issue is resolved.