CVE-2025-2262 HIGH

CVE-2025-2262: Logo Slider <= 3.7.3 - Unauthenticated Arbitrary Shortcode Execution

Vendor Samdani
Product Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation
Weakness CWE-862 · Missing authorization
Published March 18, 2025
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

7.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

01Description

The The Logo Slider – Logo Showcase, Logo Carousel, Logo Gallery and Client Logo Presentation plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.7.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Key dates

02Disclosure timeline

March 18, 2025 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-49324 WordPress Job Board Manager plugin <= 2.1.60 - Broken Access Control Vulnerability CVE-2025-62928 WordPress SEO Meta Description Updater plugin <= 1.2.0 - Broken Access Control vulnerability CVE-2025-23999 WordPress Breeze plugin <= 2.2.13 - Broken Access Control vulnerability CVE-2025-58000 WordPress Memberful plugin <= 1.75.0 - Broken Access Control vulnerability CVE-2023-37989 WordPress Easyship WooCommerce Shipping Rates plugin <= 0.9.0 - Broken Access Control vulnerability