GS Logo Slider WordPress Plugin Unauthenticated Arbitrary Shortcode Execution Vulnerability

Vulnerability

A vulnerability allowing unauthenticated arbitrary shortcode execution exists in the GS Logo Slider WordPress plugin, in all versions through 3.7.3. The issue arises because the plugin does not properly validate user input before executing shortcodes, allowing attackers to execute arbitrary shortcodes on the site.

Impact

Exploitation of this vulnerability allows for arbitrary shortcode execution, which could be used to manipulate the site's content or functionality, depending on the executed shortcode.

Reproduction

To reproduce this vulnerability, send a request to the WordPress site with the 'gslogo_shortcode_preview' parameter. The request can be made through the WordPress admin AJAX interface, which will trigger the 'wp_ajax_gslogo_get_shortcode_pref' action. The absence of proper input validation allows the specified shortcode to be executed immediately, without authentication.

Remediation

Users are advised to update the GS Logo Slider WordPress plugin to version 3.7.4 or later.
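As an added illustration of the bug class and its fix (example code, not the plugin's own; handler, action and shortcode names are hypothetical): an admin-ajax shortcode preview handler in the weak form the advisory describes, next to a hardened form that requires an editing capability, a nonce, and an allowlisted shortcode tag before anything is passed to do_shortcode().

```php
<?php
// Added example with hypothetical names; not code from GS Logo Slider.
// A shortcode "preview" endpoint wired into admin-ajax.php.

// --- Weak pattern (illustrative only) ---
function example_preview_weak() {
    // No capability or nonce check; raw request text handed to do_shortcode().
    echo do_shortcode( wp_unslash( $_POST['preview'] ?? '' ) );
    wp_die();
}
// A wp_ajax_nopriv_ hook makes the handler reachable without logging in.
add_action( 'wp_ajax_nopriv_example_preview', 'example_preview_weak' );

// --- Hardened pattern ---
// Only the plugin's own shortcode tag(s) may be previewed (assumed tag name).
const EXAMPLE_ALLOWED_TAGS = array( 'example_slider' );

function example_preview_hardened() {
    // 1. Only logged-in users with an editing capability may preview.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( 'insufficient capability', 403 );
    }
    // 2. A nonce bound to this action blocks CSRF against logged-in users
    //    (dies with -1 if the 'security' field is missing or invalid).
    check_ajax_referer( 'example_preview_nonce', 'security' );

    $input = sanitize_text_field( wp_unslash( $_POST['preview'] ?? '' ) );

    // 3. Accept exactly one allowlisted shortcode and nothing else:
    //    get_shortcode_regex() limited to the allowed tags, and the match
    //    must cover the whole input so no extra shortcode can ride along.
    $pattern = '/' . get_shortcode_regex( EXAMPLE_ALLOWED_TAGS ) . '/';
    if ( ! preg_match( $pattern, $input, $m ) || $m[0] !== $input ) {
        wp_send_json_error( 'shortcode not permitted', 400 );
    }

    // 4. Render only the validated shortcode, never the raw request string.
    wp_send_json_success( do_shortcode( $m[0] ) );
}
// Registered for authenticated users only: no wp_ajax_nopriv_ hook.
add_action( 'wp_ajax_example_preview', 'example_preview_hardened' );
```

The client side must send the nonce created with wp_create_nonce( 'example_preview_nonce' ) in the 'security' field, otherwise check_ajax_referer() rejects the request.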

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.6
impact: 1.3
exploitability: 9.3
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.