CVE-2024-8989 Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode

🗓️ 01 Oct 2024 07:30:15Reported by WordfenceType

CVE-2024-8989 Stars Testimonials <= 3.3.1 Cross-Site Scriptin

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2024-8989	1 Oct 202411:04	–	circl
CNNVD	WordPress plugin Stars Testimonials 安全漏洞	1 Oct 202400:00	–	cnnvd
CVE	CVE-2024-8989	1 Oct 202407:30	–	cve
EUVD	EUVD-2024-49525	3 Oct 202520:07	–	euvd
NVD	CVE-2024-8989	1 Oct 202408:15	–	nvd
Patchstack	WordPress Stars Testimonials plugin <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode vulnerability	1 Oct 202403:16	–	patchstack
Patchstack	WordPress Stars Testimonials Plugin <= 3.3.1 is vulnerable to Cross Site Scripting (XSS)	1 Oct 202400:00	–	patchstack
Positive Technologies	PT-2024-39354 · WordPress · Stars Testimonials	1 Oct 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-8989	23 May 202510:37	–	redhatcve
Vulnrichment	CVE-2024-8989 Stars Testimonials <= 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via stars_testimonials Shortcode	1 Oct 202407:30	–	vulnrichment

[
  {
    "vendor": "premio",
    "product": "Stars Testimonials — Responsive Reviews & Star Ratings",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThanOrEqual": "3.3.1",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
plugins	www.plugins.trac.wordpress.org/browser/stars-testimonials-with-slider-and-masonry-grid/trunk/plugin.class.php
wordpress	www.wordpress.org/plugins/stars-testimonials-with-slider-and-masonry-grid/
plugins	www.plugins.trac.wordpress.org/changeset/3159818/
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/b406f0b8-16b5-49ca-88d8-7717bef1ae61
plugins	www.plugins.trac.wordpress.org/changeset/3159818/

08 Apr 2026 17:16Current

CVSS 3.16.4

EPSS0.00255

CWE-79