15 matches found
CVE-2026-2716
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-2716
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-2716
CVE-2026-2716 concerns the WordPress plugin Client Testimonial Slider (WP). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the Testimonial Heading setting, affecting all versions up to and including 2.0. The root cause is insufficient input sanitization and output escaping, en...
CVE-2026-2716 Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-2716
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
CVE-2026-2716 Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
WordPress Client Testimonial Slider plugin <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'Testimonial Heading' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Client Testimonial Slider versions = 2.0...
WordPress plugin Client Testimonial Slider 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-13897
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13897
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field
The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...
CVE-2025-13897
CVE-2025-13897 refers to a Stored XSS vulnerability in the WordPress plugin Client Testimonial Slider . The flaw exists in the aft_testimonial_meta_name field within the Client Information metabox, where input is not properly sanitized or output escaped across all versions up to 2.0. The conseque...
PT-2026-1723
Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0 Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client...
WordPress plugin Client Testimonial Slider 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...