### [CVE-2024-10896](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10896)
![](https://img.shields.io/static/v1?label=Product&message=Logo%20Slider&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.5.0%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-79%20Cross-Site%20Scripting%20(XSS)&color=brighgreen)

### Description

The Logo Slider  WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting

### POC

#### Reference
- https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/

#### Github
No PoCs found on GitHub currently.