CVE-2026-24626
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| logohunt | logo_slider_wp | to 4.9.0 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-24626 is a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress Logo Slider Plugin versions up to 4.9.0. It allows an attacker to inject malicious scripts into web pages generated by the plugin. Exploitation requires a privileged user, such as an author or developer, to interact with a crafted link, page, or form. Once exploited, the malicious scripts can execute when site visitors access the affected website, potentially causing redirects, displaying unwanted advertisements, or other harmful HTML payloads. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to execute malicious scripts on your website, which can lead to unauthorized redirects, display of unwanted advertisements, or other harmful actions affecting site visitors. However, exploitation requires interaction by a privileged user, limiting the risk. The overall risk is considered moderate with a CVSS score of 5.9, and Patchstack assigns it a low priority due to its limited impact and the need for privileged user involvement. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for suspicious input or script injections in the Logo Slider plugin on WordPress sites up to version 4.9.0. Since exploitation requires privileged user interaction, reviewing logs for unusual actions by authors or developers, such as clicking unknown links or submitting unexpected forms, can help. Specific commands are not provided in the resources. However, general detection might include scanning the website for stored XSS payloads in the Logo Slider plugin content or using web vulnerability scanners that check for stored XSS in WordPress plugins. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting privileged user interactions with untrusted content, educating authors and developers about the risk of clicking unknown links or submitting untrusted forms, and monitoring the site for suspicious activity. Since no official fix or patched version is currently available, applying strict input validation and sanitization on the affected plugin or disabling the Logo Slider plugin until a patch is released are recommended. Additionally, limiting plugin usage to trusted users can reduce risk. [1]