PT-2026-42069 · WordPress · The Logo Manager For Enamad
Djaidja Moundjid
·
Published
2026-05-20
·
Updated
2026-05-28
·
CVE-2026-6549
CVSS v3.1
6.4
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Logo Manager For Enamad versions prior to 0.7.5
Description
The Logo Manager For Enamad plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping on user-supplied attributes within the 'title' attribute of the
vc enamad namad, vc enamad shamed, and vc enamad custom shortcodes. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages, which then execute when a user visits the affected page.Recommendations
Update to a version later than 0.7.4.
As a temporary workaround, restrict the use of the 'title' attribute in the
vc enamad namad, vc enamad shamed, and vc enamad custom shortcodes.Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
The Logo Manager For Enamad