Lucene search

K

Testimonial Security Vulnerabilities

cve
cve

CVE-2024-32783

Missing Authorization vulnerability in wpcreativeidea Advanced Testimonial Carousel for Elementor.This issue affects Advanced Testimonial Carousel for Elementor: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-09 01:15 PM
28
cve
cve

CVE-2024-35713

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in UAPP GROUP Testimonial Carousel For Elementor allows Stored XSS.This issue affects Testimonial Carousel For Elementor: from n/a through...

6.5CVSS

6.4AI Score

0.0004EPSS

2024-06-08 02:15 PM
21
cve
cve

CVE-2024-2253

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-30 04:15 AM
25
cve
cve

CVE-2024-4858

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to...

5.3CVSS

6.6AI Score

0.001EPSS

2024-05-25 03:15 AM
24
cve
cve

CVE-2024-4698

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

5.7AI Score

0.001EPSS

2024-05-18 08:15 AM
32
cve
cve

CVE-2024-4193

The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS

6.1AI Score

0.0004EPSS

2024-05-14 03:43 PM
25
cve
cve

CVE-2024-1746

The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

7.6AI Score

0.0004EPSS

2024-04-15 05:15 AM
28
cve
cve

CVE-2024-30443

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS.This issue affects GS Testimonial Slider: from n/a through...

6.5CVSS

9.1AI Score

0.0004EPSS

2024-03-29 06:15 PM
32
cve
cve

CVE-2024-1745

The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit...

9.2AI Score

0.0004EPSS

2024-03-26 05:15 AM
36
cve
cve

CVE-2024-1197

A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql...

9.8CVSS

9.7AI Score

0.001EPSS

2024-02-02 11:15 PM
11
cve
cve

CVE-2024-1196

A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site...

6.1CVSS

6.1AI Score

0.0005EPSS

2024-02-02 10:15 PM
12
cve
cve

CVE-2023-45754

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form allows Stored XSS.This issue affects Easy Testimonial Slider and Form: from n/a through...

5.9CVSS

5.4AI Score

0.0004EPSS

2023-10-25 06:17 PM
33
cve
cve

CVE-2023-4795

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against....

5.4CVSS

5.3AI Score

0.0004EPSS

2023-10-16 08:15 PM
15
cve
cve

CVE-2023-39648

Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected...

9.8CVSS

9.7AI Score

0.001EPSS

2023-10-03 10:15 PM
25
cve
cve

CVE-2023-24389

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in brandiD Social Proof (Testimonial) Slider plugin <= 2.2.3...

5.9CVSS

4.8AI Score

0.0004EPSS

2023-08-10 10:15 AM
19
cve
cve

CVE-2022-46799

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Easy Testimonial Slider and Form plugin <= 1.0.15...

7.1CVSS

6AI Score

0.0005EPSS

2023-05-08 12:15 PM
14
cve
cve

CVE-2022-3539

The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is...

4.8CVSS

4.8AI Score

0.001EPSS

2022-11-14 03:15 PM
21
4
cve
cve

CVE-2022-44741

Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on...

8.8CVSS

8.2AI Score

0.001EPSS

2022-11-08 07:15 PM
22
5
cve
cve

CVE-2022-40213

Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at...

5.4CVSS

5.4AI Score

0.001EPSS

2022-09-23 02:15 PM
23
4
cve
cve

CVE-2021-36857

Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at...

5.4CVSS

5.2AI Score

0.001EPSS

2022-08-22 03:15 PM
30
5
cve
cve

CVE-2022-35882

Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at...

4.8CVSS

4.8AI Score

0.001EPSS

2022-07-28 03:15 PM
40
5
cve
cve

CVE-2021-36851

Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color,...

5.4CVSS

5.3AI Score

0.001EPSS

2022-04-04 08:15 PM
54
cve
cve

CVE-2022-23912

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site...

6.1CVSS

6AI Score

0.001EPSS

2022-02-28 09:15 AM
60
cve
cve

CVE-2022-23911

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL...

7.2CVSS

7.2AI Score

0.001EPSS

2022-02-28 09:15 AM
70
cve
cve

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.4AI Score

0.004EPSS

2022-02-21 11:15 AM
132
2
cve
cve

CVE-2021-24598

The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is...

4.8CVSS

4.8AI Score

0.001EPSS

2021-11-17 11:15 AM
22
cve
cve

CVE-2021-24394

An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL...

7.2CVSS

7.2AI Score

0.001EPSS

2021-09-06 11:15 AM
24
cve
cve

CVE-2021-24156

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege...

5.4CVSS

5.6AI Score

0.001EPSS

2021-04-05 07:15 PM
19
2
cve
cve

CVE-2020-26672

Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the...

5.4CVSS

5.2AI Score

0.001EPSS

2020-10-16 03:15 PM
17
cve
cve

CVE-2015-9417

The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant...

6.5CVSS

6.6AI Score

0.001EPSS

2019-09-26 12:15 AM
46
cve
cve

CVE-2018-5372

The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id...

8.8CVSS

9.2AI Score

0.001EPSS

2018-01-12 09:29 AM
20
cve
cve

CVE-2013-5673

SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to...

8.8AI Score

0.014EPSS

2013-09-10 07:55 PM
19
cve
cve

CVE-2013-5672

Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an...

6.7AI Score

0.007EPSS

2013-09-10 07:55 PM
19