3 matches found
CVE-2022-23912
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting...
CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting
The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting...
CVE-2022-23912
The CVE-2022-23912 entry concerns the WordPress AP Custom Testimonial plugin (and related Testimonial plugin lineage) with a Reflected XSS vulnerability caused by not sanitising/escaping the id parameter before outputting it in an attribute. Affected versions are ≤ 1.4.7; exploitation could injec...