CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

105 matches found

NVD•added 2026/04/08 5:16 a.m.•1 views

CVE-2026-3239

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4CVSS0.00037EPSS

Exploits0References2

Cvelist•added 2026/04/08 4:27 a.m.•21 views

CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode

6.4CVSS0.00037EPSS

Exploits0References2

CNNVD•added 2026/04/08 12:0 a.m.•3 views

WordPress plugin Strong Testimonials 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00037EPSS

Exploits0References2

Positive Technologies•added 2026/04/08 12:0 a.m.•1 views

PT-2026-31074

Name of the Vulnerable Software and Affected Versions Strong Testimonials versions up to and including 3.2.21 Description The Strong Testimonials plugin for WordPress is susceptible to Stored Cross-Site Scripting through the testimonial view shortcode. Insufficient input sanitization and output...

6.4CVSS5.9AI score0.00037EPSS

Exploits0References8

NVD•added 2026/01/24 8:16 a.m.•2 views

CVE-2026-1095

The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS0.00016EPSS

Exploits0References3

RedhatCVE•added 2026/01/09 10:36 a.m.•7 views

CVE-2017-12131

The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens...

6.1CVSS6.2AI score0.00315EPSS

Exploits1References1

RedhatCVE•added 2026/01/09 10:34 a.m.•6 views

CVE-2017-18558

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.00097EPSS

Exploits1References1

RedhatCVE•added 2025/12/31 1:7 p.m.•2 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS5.1AI score0.00034EPSS

Exploits0References1

CNNVD•added 2025/12/30 12:0 a.m.•1 views

WordPress plugin Strong Testimonials 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.3AI score0.00034EPSS

Exploits0References4

Cvelist•added 2025/12/16 8:12 a.m.•29 views

CVE-2025-67912 WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS0.00029EPSS

Exploits0References1

CNNVD•added 2025/12/16 12:0 a.m.•1 views

WordPress plugin Stars Testimonials 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exis...

6.5CVSS5.6AI score0.00029EPSS

Exploits0References3

RedhatCVE•added 2025/12/14 5:3 a.m.•2 views

CVE-2025-14378

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5AI score0.0002EPSS

Exploits0References1

EUVD•added 2025/12/13 6:30 p.m.•3 views

EUVD-2025-203231

4.4CVSS4.6AI score0.0002EPSS

Exploits0References3

Patchstack•added 2025/11/10 1:34 a.m.•3 views

WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Stars Testimonials versions = 3.3.4...

6.5CVSS6.1AI score0.00029EPSS

Exploits0Affected Software1

RedhatCVE•added 2025/11/07 8:50 a.m.•3 views

CVE-2025-11268

The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a doshortco...

4.3CVSS6.7AI score0.00156EPSS

Exploits0References1

NVD•added 2025/10/27 2:15 a.m.•1 views

CVE-2025-62933

Cross-Site Request Forgery CSRF vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through = 2.2.1...

7.1CVSS0.00016EPSS

Exploits0References1

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-23434

Malware in sbrugna...

4.8CVSS5.1AI score0.00218EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•2 views

EUVD-2020-7093

Malware in sbrugna...

5.4CVSS5.6AI score0.00159EPSS

Exploits2References2