5 matches found
CVE-2024-1746
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1746
CVE-2024-1746 affects the WordPress plugin Testimonial Slider (versions prior to 2.3.8). The vulnerability stems from insufficient sanitization/escaping of certain plugin settings, allowing Stored XSS by high-privilege users (e.g., administrators) even when the unfiltered_html capability is disal...
CVE-2024-1746 Testimonial Slider < 2.3.8 - Admin+ Stored XSS
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2024-1746 Testimonial Slider < 2.3.8 - Admin+ Stored XSS
The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Testimonial Slider Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)
Software Testimonial Slider Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1746 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID e974538b892e Credits Dmitrii Ignatyev Requir...