Lucene search
+L

8 matches found

cnvd
cnvd
added 2026/01/19 12:0 a.m.2 views

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS6AI score0.00208EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/01/15 6:21 a.m.12 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS5.2AI score0.00208EPSS
Exploits0References1
nvd
nvd
added 2026/01/14 6:15 a.m.5 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
cvelist
cvelist
added 2026/01/14 5:28 a.m.29 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS4.8AI score0.00208EPSS
Exploits0References2
cve
cve
added 2026/01/14 5:28 a.m.23 views

CVE-2025-14379

The CVE-2025-14379 entry concerns the WordPress plugin Testimonials Creator (version 1.6). Affected component: the plugin’s admin/settings handling where insufficient input sanitization and output escaping enables a Stored Cross-Site Scripting (XSS) vulnerability. Attack scenario: authenticated a...

4.4CVSS4.9AI score0.00208EPSS
Exploits0References2
cnnvd
cnnvd
added 2026/01/14 12:0 a.m.8 views

WordPress plugin Testimonials Creator 跨站脚本漏洞

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References3
patchstack
patchstack
added 2026/01/13 10:21 p.m.11 views

WordPress Testimonials Creator plugin 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jochem Boender in WordPress Plugin Testimonials Creator versions 1.6...

4.4CVSS5.7AI score0.00208EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder