CVE-2020-37227 HIGH

CVE-2020-37227: WordPress Plugin HS Brand Logo Slider 2.1 Unrestricted File Upload

Vendor Heliossolutions

Product HS Brand Logo Slider

Weakness CWE-434 · Unrestricted file upload

Published May 16, 2026

Last update May 18, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.

Key dates

Disclosure timeline

May 16, 2026 CVE published

May 18, 2026 Record updated