553 matches found
CVE-2026-8039
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
EUVD-2026-37867
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8039 Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8039
The CVE-2026-8039 entry concerns the WordPress plugin Fancy Testimonials (versions ≤ 1.0). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the author attribute of the testimonial shortcode, caused by insufficient input sanitization/output escaping. Impacted condition: authentic...
EUVD-2022-55972
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2022-50947
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2022-50947
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2022-50947
The CVE-2022-50947 entry concerns WordPress Plugin Testimonial Slider and Showcase version 2.2.6. A stored XSS vulnerability exists in the post_title field due to insufficient sanitization, exploitable by authenticated editors with low privileges. Attackers with editor rights can inject JavaScrip...
CVE-2022-50947 WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2022-50947 WordPress Plugin Testimonial Slider and Showcase 2.2.6 Stored XSS
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject JavaScript payloads through the...
CVE-2022-50946 WordPress Plugin Netroics Blog Posts Grid 1.0 Stored XSS
WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the posttitle parameter. Attackers with editor privileges can inject script payloads through the testimonial titl...
WordPress plugin Testimonial Slider and Showcase 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-39476
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post title parameter. Attackers with editor privileges can inject JavaScript payloads through the...
WordPress Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews plugin <= 3.2.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability
Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GS Testimonial Slider versions = 3.2.8...
WordPress Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget plugin <= 3.5.6 - Backdoor vulnerability
Backdoor vulnerability discovered by ? in WordPress Plugin Testimonial Grid and Testimonial Slider plus Carousel with Rotator Widget versions = 3.5.6...
CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2026-3239
CVE-2026-3239 concerns the WordPress plugin Strong Testimonials. All versions up to and including 3.2.21 are affected by a Stored Cross-Site Scripting (Stored XSS) via the plugin’s testimonial_view shortcode, caused by insufficient input sanitization and output escaping on user-supplied attribute...
WordPress plugin Strong Testimonials 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
WordPress Strong Testimonials plugin <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via testimonialview Shortcode vulnerability discovered by Ronnachai Sretawat Na Ayutaya Simonhaskelly - Reconix Co., Ltd. in WordPress Plugin Strong Testimonials versions = 3.2.21...