彙總 gsplugins 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 跨站腳本與CSRF,在 生產負載與軟體部署 使用場景中可能帶來 工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2024-9233 | The Logo Slider WordPress plugin before 3.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | [email protected] | 4.3 | 0.18% | 2025-05-15 | 2025-06-04 |
| CVE-2024-11746 | The Discover the Best Woocommerce Product Brands Plugin for WordPress – Woocommerce Brands Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_brand' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever | [email protected] | 6.4 | 0.06% | 2025-02-12 | 2025-02-25 |
| CVE-2024-11453 | The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user acc | [email protected] | 6.4 | 0.22% | 2024-12-03 | 2025-07-09 |
| CVE-2024-7716 | The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | [email protected] | 4.8 | 0.45% | 2024-09-11 | 2024-09-25 |
| CVE-2024-30192 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Pins for Pinterest allows Stored XSS.This issue affects GS Pins for Pinterest: from n/a through 1.8.2. | [email protected] | 6.5 | 0.16% | 2024-03-27 | 2026-04-28 |
| CVE-2023-51530 | Cross-Site Request Forgery (CSRF) vulnerability in GS Plugins Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation.This issue affects Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation: from n/a through 3.5.1. | [email protected] | 4.3 | 0.17% | 2024-02-29 | 2026-04-28 |
| CVE-2023-0539 | The GS Insever Portfolio WordPress plugin before 1.4.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.25% | 2023-02-27 | 2024-11-21 |
| CVE-2023-0559 | The GS Portfolio for Envato WordPress plugin before 1.4.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.20% | 2023-02-21 | 2025-03-14 |
| CVE-2023-0541 | The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.54% | 2023-02-21 | 2025-03-12 |
| CVE-2023-0540 | The GS Filterable Portfolio WordPress plugin before 1.6.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | [email protected] | 5.4 | 0.20% | 2023-02-21 | 2025-03-13 |
| CVE-2023-0492 | The GS Products Slider for WooCommerce WordPress plugin before 1.5.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks | [email protected] | 5.4 | 0.18% | 2023-02-21 | 2025-03-14 |
| CVE-2022-4624 | The GS Logo Slider WordPress plugin before 3.3.8 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. | [email protected] | 5.4 | 0.20% | 2023-01-23 | 2025-04-02 |
| CVE-2022-40213 | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. | [email protected] | 4.1 | 0.25% | 2022-09-23 | 2024-11-21 |
| CVE-2022-35882 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. | [email protected] | 4.8 | 0.26% | 2022-07-28 | 2024-11-21 |