4 matches found
CVE-2024-3261 Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific...
CVE-2024-3261 Strong Testimonials < 3.1.12 - Contributor+ Stored XSS
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific...
CVE-2024-3261
The CVE-2024-3261 entry concerns the WordPress plugin Strong Testimonials (prior to 3.1.12). It states that certain Testimonial fields are not validated/escaped before being output on pages, enabling Stored XSS for users with contributor role or higher when a specific view is accessed. Affected a...
WordPress Strong Testimonials Plugin < 3.1.12 is vulnerable to Cross Site Scripting (XSS)
Software Strong Testimonials Type Plugin Vulnerable versions 3.1.12 Fixed in 3.1.12 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3261 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4383da9e6ea2 Credits Dmitrii Ignatyev...