What is GHSA-7487-8952-hmfc?

GHSA-7487-8952-hmfc is a security advisory published by GitHub Security Advisories with High severity. HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows...

Which CVE IDs does GHSA-7487-8952-hmfc cover?

GHSA-7487-8952-hmfc covers the following CVE IDs: CVE-2020-37227. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-7487-8952-hmfc?

GHSA-7487-8952-hmfc has a CVSS v3 base score of 8.8, published by GitHub Security Advisories.

GHSA-7487-8952-hmfcHighCVSS 8.8

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows...

Vendor

GitHub Security Advisories

Published

May 16, 2026

Last Modified

May 16, 2026

🔗 CVE IDs covered (1)

CVE-2020-37227 →

📋 Description

HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file extension validation by uploading arbitrary files. Attackers can intercept upload requests to the logoupload parameter in the admin interface and rename files to executable extensions .php to achieve remote code execution.

🔗 References (6)

https://nvd.nist.gov/vuln/detail/CVE-2020-37227
https://ms.wordpress.org/plugins/hs-brand-logo-slider
https://www.exploit-db.com/exploits/48913
https://www.heliossolutions.co
https://www.vulncheck.com/advisories/wordpress-plugin-hs-brand-logo-slider-unrestricted-file-upload
https://github.com/advisories/GHSA-7487-8952-hmfc