105 matches found
WordPress Strong Testmionials Plugin < 3.1.11 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:machothemes:strongtestimonials"; if description...
Cross site scripting
The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpsscode' shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
CVE-2023-2830
Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Trustindex.Io WP Testimonials plugin = 1.4.2 versions...
WordPress Plugin WP Testimonials Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin WP...
WordPress WP Testimonials Plugin <= 1.4.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP Testimonials Type Plugin Vulnerable versions = 1.4.2 Fixed in 1.4.3 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-2830 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID beae4f3056d8 Credits Skalucy Required...
CVE-2023-2178
The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-24411
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kerry Kline BNE Testimonials plugin = 2.0.7 versions...
CVE-2023-24411
CVE-2023-24411 affects the WordPress plugin BNE Testimonials by Kerry Kline, specifically versions
CVE-2023-24411 WordPress BNE Testimonials Plugin <= 2.0.7 is vulnerable to Cross Site Scripting (XSS)
Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Kerry Kline BNE Testimonials plugin = 2.0.7 versions...
PT-2023-19572 · Unknown · Kerry Kline Bne Testimonials
Name of the Vulnerable Software and Affected Versions: Kerry Kline BNE Testimonials plugin versions prior to 2.0.8 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a website, which...
CVE-2022-45817
Cross-Site Scripting XSS vulnerability in Erin Garscadden GC Testimonials plugin = 1.3.2 versions...
Cross site scripting
Cross-Site Scripting XSS vulnerability in Erin Garscadden GC Testimonials plugin = 1.3.2 versions...
CVE-2023-1372
The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as whhomepage, whtextshort, whtextfull and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
Cross site scripting
The WH Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters such as whhomepage, whtextshort, whtextfull and in versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticat...
PT-2023-16938 · WordPress · Wh Testimonials
Name of the Vulnerable Software and Affected Versions: The WH Testimonials plugin for WordPress versions up to, and including, 3.0.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attackers t...
WordPress WH Testimonials Plugin <= 3.0.0 is vulnerable to Cross Site Scripting (XSS)
Software WH Testimonials Type Plugin Vulnerable versions = 3.0.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-1372 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 83cf629d552b Credits Daniel Kelley Required...
CVE-2022-4648
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
Cross site scripting
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...
CVE-2022-4648 Real Testimonials < 2.6.0 - Contributor+ Stored XSS
The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high...