
4 matches found

Cvelist
added 2022/02/28 9:6 a.m. | 10 views

CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting

The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting...

AI score: 6.2 | EPSS: 0.0021
Exploits: 2 | References: 2
wpexploit
added 2022/01/25 12:0 a.m. | 132 views

AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting

The plugin does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting https://example.com/wp-admin/admin.php?page=apcttestimonialedit&id=1"alert/XSS/...

CVSS: 6.1 | AI score: 0.8 | EPSS: 0.0021
Exploits: 2 | References: 1
Patchstack
added 2022/01/25 12:0 a.m. | 19 views

WordPress AP Custom Testimonial plugin <= 1.4.7 - SQL Injection (SQLi) vulnerability

SQL Injection (SQLi) vulnerability discovered by Rafael Castilho in WordPress AP Custom Testimonial plugin (versions <= 1.4.7). Solution: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8)...

CVSS: 7.2 | AI score: 3.6 | EPSS: 0.0062
Exploits: 2 | References: 3 | Affected Software: 1
Patchstack
added 2022/01/25 12:0 a.m. | 26 views

WordPress AP Custom Testimonial plugin <= 1.4.7 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability discovered by Rafael Castilho in WordPress AP Custom Testimonial plugin (versions <= 1.4.7). Solution: Update the WordPress AP Custom Testimonial plugin to the latest available version (at least 1.4.8)...

CVSS: 6.1 | AI score: 2.8 | EPSS: 0.0021
Exploits: 2 | References: 3 | Affected Software: 1