WordPress Plugin Vulnerabilities

Kiwi Logo Carousel <= 1.7.1 - Authenticated Cross-Site Scripting (XSS)

Description

The Logo Carousel WordPress plugin was affected by an Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
kiwi-logo-carousel
Fixed in 1.7.2

References

CVE
CVE-2015-9434
URL
http://cinu.pl/research/wp-plugins/mail_3764bb40db5ed12aac2c7812d7544730.html
URL
http://blog.cinu.pl/2015/11/php-static-code-analysis-vs-top-1000-wordpress-plugins.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.5 (medium)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
c80a2d9a-a539-4432-9baa-175042ef4444

Timeline

Publicly Published
2015-08-13 (about 10 years ago)
Added
2015-11-24 (about 10 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2024-11-15
Title
SimpleForm Contact Form Submissions <= 2.1.0 - Reflected Cross-Site Scripting
Published
2024-10-08
Title
CYAN Backup < 2.5.3 - Admin+ Stored XSS via Remote Storage Settings
Published
2025-08-14
Title
JetElements For Elementor < 2.7.9.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2017-09-26
Title
WP Jobs < 1.7 - XSS
Published
2025-10-24
Title
Open Source Genesis Framework < 3.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Shortcodes