CVE-2024-10896

{"id": "CVE-2024-10896", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.3}]}, "published": "2024-11-28T06:15:08.233", "references": [{"url": "https://wpscan.com/vulnerability/1304c2b6-922d-455e-bae8-d6bf855eddd9/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting"}, {"lang": "es", "value": "El complemento Logo Slider de WordPress anterior a la versi\u00f3n 4.5.0 no desinfecta ni evita algunas de las configuraciones de su logotipo y control deslizante, lo que podr\u00eda permitir que usuarios con privilegios elevados, como los colaboradores, realicen Cross-Site Scripting almacenado."}], "lastModified": "2025-05-15T17:35:40.350", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logichunt:logo_slider:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2B1ECD70-AB0A-43F6-8C83-9EF4EE829011", "versionEndExcluding": "4.5.0"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}