Shapedplugin: >> Logo Carousel Security Vulnerabilities
The Logo Carousel WordPress plugin before 3.4.2 does not validate and escape the "Logo Margin" carousel option, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks
CVSS Score
5.4
EPSS Score
0.002
Published
2021-12-21
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature
CVSS Score
8.1
EPSS Score
0.005
Published
2021-12-21