Lucene search
K

4 matches found

Patchstack
Patchstack
added 6 days ago6 views

WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Real Testimonials versions = 3.1.15...

7.2CVSS5.9AI score
Exploits0Affected Software1
OSV
OSV
added 2023/01/16 4:15 p.m.3 views

CVE-2022-4648

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Prion
Prion
added 2023/01/16 4:15 p.m.16 views

Cross site scripting

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/16 3:37 p.m.5 views

CVE-2022-4648 Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.9AI score0.00471EPSS
Exploits2References1
Rows per page
Query Builder