CVE-2026-0609

Name of the Vulnerable Software and Affected Versions The Logo Slider – Logo Carousel, Logo Showcase & Client Logo Slider Plugin versions prior to 4.9.1

Description The plugin is susceptible to Stored Cross-Site Scripting due to inadequate input sanitization and output escaping within the 'logo-slider' shortcode, specifically concerning the image alt text. This allows authenticated attackers with author-level access or higher to inject malicious web scripts into pages. These scripts will then execute whenever a user accesses the compromised page.

Recommendations Update to version 4.9.1 or later.