Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

WordPress Solid Testimonials – Testimonial Slider, Video Testimonials & Customer Reviews plugin <= 3.2.8 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin GS Testimonial Slider versions = 3.2.8...

EUVD-2026-20038

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3239

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3239

CVE-2026-3239 concerns the WordPress plugin Strong Testimonials. All versions up to and including 3.2.21 are affected by a Stored Cross-Site Scripting (Stored XSS) via the plugin’s testimonial_view shortcode, caused by insufficient input sanitization and output escaping on user-supplied attribute...

WordPress plugin Strong Testimonials 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-31074

Name of the Vulnerable Software and Affected Versions Strong Testimonials versions up to and including 3.2.21 Description The Strong Testimonials plugin for WordPress is susceptible to Stored Cross-Site Scripting through the testimonial view shortcode. Insufficient input sanitization and output...

CVE-2026-24957

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

EUVD-2026-5221

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957 WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through = 3.2.20...

CVE-2026-24957

CVE-2026-24957 affects the WordPress plugin Strong Testimonials (WP Chill Strong Testimonials) up to version 3.2.20. The issue is a Missing Authorization / Broken Access Control vulnerability caused by incorrectly configured access control security levels, allowing unauthorized access to certain ...

WordPress plugin Strong Testimonials 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress Beaver Builder Addons by WPZOOM plugin <= 1.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Testimonials Widget vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via Testimonials Widget vulnerability discovered by Francesco Carlucci in WordPress Plugin Beaver Builder Addons by WPZOOM versions = 1.3.4...

WordPress Testimonials Widget plugin <= 4.0.4 - Authenticated (Author+) Stored Cross-Site Scripting via testimonials Shortcode vulnerability

Authenticated Author+ Stored Cross-Site Scripting via testimonials Shortcode vulnerability discovered by stealthcopter in WordPress Plugin Testimonials Widget versions = 4.0.4...