Lucene search
+L

554 matches found

Cvelist
Cvelist
added 2026/01/09 11:15 a.m.32 views

CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS0.00232EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/09 11:15 a.m.4 views

CVE-2025-13897 Client Testimonial Slider <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field

The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'afttestimonialmetaname' custom field in the Client Information metabox in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user-supplied...

6.4CVSS4.7AI score0.00232EPSS
Exploits0References3
CVE
CVE
added 2026/01/09 11:15 a.m.18 views

CVE-2025-13897

CVE-2025-13897 refers to a Stored XSS vulnerability in the WordPress plugin Client Testimonial Slider . The flaw exists in the aft_testimonial_meta_name field within the Client Information metabox, where input is not properly sanitized or output escaped across all versions up to 2.0. The conseque...

6.4CVSS4.7AI score0.00232EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 10:54 a.m.12 views

CVE-2022-23911

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection...

7.2CVSS7AI score0.01445EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

WordPress plugin Client Testimonial Slider 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

6.4CVSS5.5AI score0.00232EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/09 12:0 a.m.9 views

PT-2026-1723

Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0 Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client...

6.4CVSS5AI score0.00232EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/01/08 11:11 p.m.8 views

WordPress Client Testimonial Slider plugin <= 2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'aft_testimonial_meta_name' Metabox Field vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'afttestimonialmetaname' Metabox Field vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Client Testimonial Slider versions = 2.0...

6.4CVSS5.8AI score0.00232EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/01/07 12:16 p.m.4 views

CVE-2025-14127

The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00324EPSS
Exploits0References4
Patchstack
Patchstack
added 2026/01/07 11:53 a.m.6 views

WordPress Testimonial Master plugin <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] vulnerability

Reflected Cross-Site Scripting via $SERVER'PHPSELF' vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin Testimonial Master versions = 0.2.1...

6.1CVSS6.3AI score0.00324EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/01/07 9:20 a.m.26 views

CVE-2025-14127 Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00324EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 9:20 a.m.16 views

CVE-2025-14127

CVE-2025-14127 concerns the Testimonial Master WordPress plugin. The Wordfence report confirms a reflected Cross‑Site Scripting flaw caused by insufficient input sanitization and output escaping in versions up to 0.2.1, exploitable via the PHP_SELF variable. The vulnerability is unauthenticated a...

6.1CVSS5.3AI score0.00324EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 9:20 a.m.2 views

CVE-2025-14127 Testimonial Master <= 0.2.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Testimonial Master plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

6.1CVSS5.3AI score0.00324EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

WordPress plugin Testimonial Master 跨站脚本漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site scriptin...

6.1CVSS5.9AI score0.00324EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.4 views

PT-2026-1627

Name of the Vulnerable Software and Affected Versions Testimonial Master plugin for WordPress versions up to and including 0.2.1 Description The Testimonial Master plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to insufficient input sanitization and output...

6.1CVSS6.3AI score0.00324EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/31 1:7 p.m.16 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/25 9:44 a.m.6 views

WordPress Testimonial Slider plugin <= 2.0.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Abu Hurayra in WordPress Plugin Testimonial Slider versions = 2.0.15...

6.5CVSS7AI score0.00315EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/14 8:45 a.m.14 views

CVE-2025-8199

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5AI score0.00189EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203246

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References4
NVD
NVD
added 2025/12/13 4:16 p.m.24 views

CVE-2025-8199

The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Testimonial Marquee widget in all versions up to, and including, 2.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00189EPSS
Exploits0References3
CVE
CVE
added 2025/12/13 8:21 a.m.20 views

CVE-2025-8199

CVE-2025-8199 : Marquee Addons for Elementor is affected up to version 2.4.3. The vulnerability is a Stored Cross-Site Scripting in the Testimonial Marquee widget caused by insufficient input sanitization and output escaping on user-supplied attributes. An authenticated attacker with contributor-...

6.4CVSS4.7AI score0.00189EPSS
Exploits0References3
Rows per page
Query Builder