CVE-2026-13247 in Logo Slider Plugininfo

Summary

by MITRE • 07/10/2026

The Logo Slider – Logo Carousel, Client Logo Slider & Brand Showcase for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lgx_tooltip_position' parameter in all versions up to, and including, 5.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 07/10/2026

The vulnerability identified in the Logo Slider – Logo Carousel plugin affects versions 5.5 and earlier, representing a critical stored cross-site scripting flaw that undermines the security posture of WordPress installations. This issue stems from inadequate input validation and output sanitization mechanisms within the plugin's codebase, specifically targeting the 'lgx_tooltip_position' parameter which serves as an entry point for malicious payload injection. The vulnerability manifests when authenticated users with contributor-level privileges or higher submit crafted input through the affected parameter, which then gets stored within the application's database and subsequently executed whenever affected pages are accessed by any user.

The technical exploitation of this vulnerability occurs through a classic stored XSS vector where malicious scripts are permanently embedded in the plugin's data storage system. When administrators or other users access pages containing the injected content, the stored JavaScript code executes in their browsers within the context of the vulnerable WordPress installation. This creates a persistent threat that can be leveraged to hijack user sessions, steal sensitive cookies, redirect victims to malicious sites, or perform actions on behalf of authenticated users. The vulnerability affects the plugin's tooltip functionality, where tooltip positioning parameters are improperly sanitized, allowing attackers to inject arbitrary HTML and JavaScript code that persists across multiple page views.

The operational impact of this vulnerability extends beyond simple script execution, as it provides attackers with a foothold for more sophisticated attacks within the WordPress environment. Contributors and higher-privileged users typically have access to various administrative functions, making this vulnerability particularly dangerous when combined with the attacker's ability to inject malicious code that can persist across user sessions. The stored nature of the vulnerability means that once injected, the malicious scripts will execute automatically each time affected pages are loaded, creating a continuous threat vector that can be exploited by multiple users without requiring repeated interaction from the original attacker. This persistence factor significantly amplifies the potential damage and makes detection more challenging for system administrators.

Organizations should implement immediate mitigations including upgrading to the latest plugin version where the vulnerability has been addressed through proper input sanitization and output escaping mechanisms. The fix typically involves implementing strict validation of the 'lgx_tooltip_position' parameter to ensure only expected values are accepted, combined with appropriate HTML escaping before any stored content is rendered in user-facing interfaces. Security practices should include regular vulnerability scanning of WordPress installations, monitoring for unauthorized modifications to plugin files, and implementing role-based access controls that limit the ability of lower-privileged users to modify core configuration parameters. Additionally, organizations should consider implementing web application firewalls to detect and block suspicious input patterns targeting known vulnerable parameters, while maintaining comprehensive logging of user activities related to plugin modifications.

This vulnerability aligns with CWE-79 which specifically addresses cross-site scripting flaws in software applications. The attack vector follows typical ATT&CK techniques for privilege escalation and persistent threats within web applications, where initial access through contributor-level accounts enables sustained exploitation. The remediation approach should follow established security best practices including input validation, output encoding, and principle of least privilege implementation to prevent similar vulnerabilities from emerging in other plugin components or core WordPress functionality.

Responsible

Wordfence

Reservation

06/24/2026

Disclosure

07/10/2026

Moderation

accepted

CPE

ready

EPSS

0.00000

KEV

no

Activities

very low

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!