The Logo Showcase with Slick Slider WordPress plugin before 1.2.4 does not sanitise the Grid Settings, which could allow users with a role as low as Author to perform stored Cross-Site Scripting attacks via post metadata of Grid logo showcase.Creditsapple502jReferenceshttps://wpscan.com/vulnerability/5d70818e-730d-40c9-a2db-652052a5fd5c
