CVE-2024-3288

Published Jun 7, 2024

Last updated 2 years ago

CVSS medium 5.4
Mobile device

Overview

Description
The Logo Slider WordPress plugin before 4.0.0 does not validate and escape some of its Slider Settings before outputting them back in attributes, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Source
contact@wpscan.com
NVD status
Modified
Products
logo_slider

Risk scores

CVSS 3.1

Type
Primary
Base score
5.4
Impact score
2.7
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-79

Social media

Hype score
Not currently trending

Configurations

Related CVEs

  1. Check Point Security Gateway Improper Authentication VulnerabilityCVE-2026-50751
  2. Android Framework Integer Overflow VulnerabilityCVE-2025-48595
  3. This vulnerability exists in the Atom 3x Projector due to improper exposure of the Android Debug Bridge (ADB) service over the local network without authentication or access controls. An unauthenticated attacker on the same network can exploit this vulnerability to obtain root-level access, leading to complete compromise of the targeted device.CVE-2026-5777
  4. Mattermost versions 11.3.x <= 11.3.0, 11.2.x <= 11.2.2, 10.11.x <= 10.11.10 fail to use consistent error responses when handling the /mute command which allows an authenticated team member to enumerate private channels they are not authorized to know about via differing error messages for nonexistent versus private channels. Mattermost Advisory ID: MMSA-2026-00588CVE-2026-21386
  5. Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.CVE-2026-20993

References

Sources include official advisories and independent security research.