Lucene search
K

105 matches found

OpenVAS
OpenVAS
added 2024/01/09 12:0 a.m.11 views

WordPress Strong Testmionials Plugin < 3.1.11 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:machothemes:strongtestimonials"; if description...

8.8CVSS6.6AI score0.00227EPSS
Exploits0References1
Prion
Prion
added 2023/10/20 5:15 a.m.19 views

Cross site scripting

The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

4.9CVSS5.2AI score0.00448EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/10/03 12:15 p.m.15 views

CVE-2023-2830

Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...

8.8CVSS6.5AI score0.00263EPSS
Exploits0References1
Prion
Prion
added 2023/10/03 12:15 p.m.15 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...

6.8CVSS8.7AI score0.00263EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/10/03 12:0 a.m.2 views

WordPress Plugin WP Testimonials Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP...

8.8CVSS6.6AI score0.00263EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/08/10 12:0 a.m.8 views

WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP Testimonials Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2830 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID beae4f3056d8 Credits Skalucy Required...

8.8CVSS6.7AI score0.00263EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/06/27 2:15 p.m.5 views

CVE-2023-2178

The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS7.3AI score0.00773EPSS
Exploits2References1
OSV
OSV
added 2023/04/06 11:15 a.m.4 views

CVE-2023-24411

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kerry Kline BNE Testimonials plugin = 2.0.7 versions...

5.4CVSS6.1AI score0.00429EPSS
Exploits0References1
CVE
CVE
added 2023/04/06 10:52 a.m.43 views

CVE-2023-24411

CVE-2023-24411 affects the WordPress plugin BNE Testimonials by Kerry Kline, specifically versions

6.5CVSS5.3AI score0.00429EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/04/06 10:52 a.m.25 views

CVE-2023-24411 WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kerry Kline BNE Testimonials plugin = 2.0.7 versions...

6.5CVSS6AI score0.00429EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.4 views

PT-2023-19572 · Unknown · Kerry Kline Bne Testimonials

Name of the Vulnerable Software and Affected Versions: Kerry Kline BNE Testimonials plugin versions prior to 2.0.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which...

6.5CVSS5.1AI score0.00429EPSS
Exploits0References3
OSV
OSV
added 2023/03/17 2:15 p.m.2 views

CVE-2022-45817

Cross-Site Scripting XSS vulnerability in Erin Garscadden GC Testimonials plugin = 1.3.2 versions...

6.1CVSS5.8AI score0.00384EPSS
Exploits0References1
Prion
Prion
added 2023/03/17 2:15 p.m.12 views

Cross site scripting

Cross-Site Scripting XSS vulnerability in Erin Garscadden GC Testimonials plugin = 1.3.2 versions...

5.8CVSS5.9AI score0.00384EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/03/13 1:15 p.m.3 views

CVE-2023-1372

The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as whhomepage, whtextshort, whtextfull and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

6.1CVSS5.9AI score0.00743EPSS
Exploits2References3
Prion
Prion
added 2023/03/13 1:15 p.m.18 views

Cross site scripting

The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as whhomepage, whtextshort, whtextfull and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...

5.8CVSS5.8AI score0.00743EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/13 12:0 a.m.7 views

PT-2023-16938 · WordPress · Wh Testimonials

Name of the Vulnerable Software and Affected Versions: The WH Testimonials plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers t...

7.2CVSS6.2AI score0.00743EPSS
Exploits2References6
Patchstack
Patchstack
added 2023/03/13 12:0 a.m.12 views

WordPress WH Testimonials Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)

Software WH Testimonials Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1372 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 83cf629d552b Credits Daniel Kelley Required...

7.2CVSS5.6AI score0.00743EPSS
Exploits2References5Affected Software1
OSV
OSV
added 2023/01/16 4:15 p.m.3 views

CVE-2022-4648

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.4CVSS5.8AI score0.00471EPSS
Exploits2References1
Prion
Prion
added 2023/01/16 4:15 p.m.15 views

Cross site scripting

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

4.9CVSS5.3AI score0.00471EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/01/16 3:37 p.m.5 views

CVE-2022-4648 Real Testimonials < 2.6.0 - Contributor+ Stored XSS

The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...

5.9AI score0.00471EPSS
Exploits2References1
Rows per page
Query Builder