Logo Slider < 4.9.0 - Contributor+ Stored XSS_CVE-2025-13153

6.1 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Description

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Basic Information

ID CVE-2025-13153

Source WPScan

Published Jan 2, 2026 at 06:00

Modified Jan 2, 2026 at 21:11

Affected Product

Vendor Unknown

Product Logo Slider

Affected Versions Unknown Logo Slider 0

CWE Classification

References

wpscan.com /vulnerability/0ed67947-228d-420c-8d28-e0d7326eb101/

{
    "lastseen": "",
    "description": "The Logo Slider  WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.",
    "published": "2026-01-02T06:00:11.428Z",
    "modified": "2026-01-02T21:11:05.150Z",
    "type": "cve",
    "title": "Logo Slider < 4.9.0 - Contributor+ Stored XSS",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/0ed67947-228d-420c-8d28-e0d7326eb101/",
    "id": "CVE-2025-13153",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown Logo Slider 0",
    "sourceHref": "",
    "cvss": {
        "score": 6.1,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Logo Slider",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}