724 matches found
Testimonials by BestWebSoft < 0.1.9 - Cross-Site Scripting
The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. id: CVE-2017-18558 info: name: Testimonials by BestWebSoft 0.1.9 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS...
Aajoda Testimonials < 2.2.2 - Cross-Site Scripting
The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. id: CVE-2023-2178 info: name: Aajoda Testimonials...
CVE-2026-59521
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...
CVE-2026-59521 WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in ShapedPlugin LLC Real Testimonials testimonial-free allows Object Injection.This issue affects Real Testimonials: from n/a through = 3.1.15...
CVE-2026-59521
The CVE-2026-59521 issue affects the WordPress Real Testimonials plugin (testimonial-free) by Deserialization of Untrusted Data, enabling PHP object injection in versions
WordPress Real Testimonials plugin <= 3.1.15 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Real Testimonials versions = 3.1.15...
EUVD-2025-210361
Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...
CVE-2025-68075
Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...
CVE-2025-68075
CVE-2025-68075 describes a Contributor Cross Site Scripting (XSS) vulnerability in the WordPress plugin BNE Testimonials (versions ≤ 2.0.8). The CVSS 3.1 base metrics are provided (AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L) with a base score of 6.5 (Medium). Connected sources confirm the affected produ...
CVE-2025-68075 WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Contributor Cross Site Scripting XSS in BNE Testimonials = 2.0.8 versions...
WordPress BNE Testimonials plugin <= 2.0.8 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin BNE Testimonials versions = 2.0.8...
PT-2026-52719
Name of the Vulnerable Software and Affected Versions BNE Testimonials versions prior to 2.0.9 Description Cross Site Scripting XSS exists in the software, allowing a user with contributor privileges to execute malicious scripts in the browser of other users. Recommendations Update to a version...
PT-2026-52582
Unauthenticated Broken Access Control in Paymob for WooCommerce = 4.1.2 versions...
CVE-2026-10735
CVE-2026-10735 concerns a supply‑chain compromise of ShapedPlugin Pro plugins (Product Slider Pro for WooCommerce, Real Testimonials Pro, Smart Post Show Pro) delivered via the vendor update server. Technical details show a stage 1 loader in src/Includes/LicenseLoader.php that runs on admin init ...
EUVD-2026-37867
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8039 Fancy Testimonials <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting
The Fancy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'author' shortcode attribute in the 'testimonial' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticat...
CVE-2026-8039
The CVE-2026-8039 entry concerns the WordPress plugin Fancy Testimonials (versions ≤ 1.0). It describes a Stored Cross-Site Scripting (XSS) vulnerability via the author attribute of the testimonial shortcode, caused by insufficient input sanitization/output escaping. Impacted condition: authentic...
PT-2026-50651
Name of the Vulnerable Software and Affected Versions Fancy Testimonials versions prior to 1.1 Description The Fancy Testimonials plugin for WordPress contains a Stored Cross-Site Scripting issue. This occurs due to insufficient input sanitization and output escaping within the author attribute o...
WordPress Fancy Testimonials plugin <= 1.0 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated Author+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin Fancy Testimonials versions = 1.0...
CVE-2026-3239
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...