Lucene search
K

724 matches found

Nuclei
Nuclei
added yesterday40 views

Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...

6.1CVSS6.4AI score0.01384EPSS
Exploits1References4
Nuclei
Nuclei
added yesterday36 views

Aajoda Testimonials < 2.2.2 - Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...

4.8CVSS6.4AI score0.00773EPSS
Exploits2References3
NVD
NVD
added 2 days ago5 views

CVE-2026-59521

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS0.003EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...

7.2CVSS0.003EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-59521

The CVE-2026-59521 issue affects the WordPress Real Testimonials plugin (testimonial-free) by Deserialization of Untrusted Data, enabling PHP object injection in versions

7.2CVSS6.1AI score0.003EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/07/07 9:43 a.m.6 views

WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Real Testimonials versions = 3.1.15...

7.2CVSS5.9AI score0.003EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2026/06/26 3:32 p.m.6 views

EUVD-2025-210361

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 3:16 p.m.8 views

CVE-2025-68075

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:52 p.m.14 views

CVE-2025-68075

CVE-2025-68075 describes a Contributor Cross Site Scripting (XSS) vulnerability in the WordPress plugin BNE Testimonials (versions ≤ 2.0.8). The CVSS 3.1 base metrics are provided (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) with a base score of 6.5 (Medium). Connected sources confirm the affected produ...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/26 2:52 p.m.37 views

CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...

6.5CVSS0.00161EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 1:57 p.m.6 views

WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...

6.5CVSS5.8AI score0.00161EPSS
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/26 12:0 a.m.13 views

PT-2026-52719

Name of the Vulnerable Software and Affected Versions BNE Testimonials versions prior to 2.0.9 Description Cross Site Scripting XSS exists in the software, allowing a user with contributor privileges to execute malicious scripts in the browser of other users. Recommendations Update to a version...

6.5CVSS5.8AI score0.00161EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.8 views

PT-2026-52582

Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...

7.5CVSS5.8AI score0.00238EPSS
Exploits0References3
CVE
CVE
added 2026/06/24 6:0 a.m.82 views

CVE-2026-10735

CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...

7.5CVSS6.2AI score0.00387EPSS
In wildExploits1References1
EUVD
EUVD
added 2026/06/18 7:48 a.m.11 views

EUVD-2026-37867

The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS5.6AI score0.00187EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/06/18 7:48 a.m.25 views

CVE-2026-8039 Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting

The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...

6.4CVSS0.00187EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 7:48 a.m.20 views

CVE-2026-8039

The CVE-2026-8039 entry concerns the WordPress plugin Fancy Testimonials (versions ≤ 1.0). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the author attribute of the testimonial shortcode, caused by insufficient input sanitization/output escaping. Impacted condition: authentic...

6.4CVSS5.5AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.23 views

PT-2026-50651

Name of the Vulnerable Software and Affected Versions Fancy Testimonials versions prior to 1.1 Description The Fancy Testimonials plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the author attribute o...

6.4CVSS6AI score0.00187EPSS
Exploits0References6
Patchstack
Patchstack
added 2026/06/17 7:25 p.m.7 views

WordPress Fancy Testimonials plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability

Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Fancy Testimonials versions = 1.0...

6.4CVSS5.2AI score0.00187EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/06/05 7:37 p.m.10 views

CVE-2026-3239

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS5.7AI score0.00199EPSS
Exploits0References1
Rows per page
Query Builder