Lucene search
K

105 matches found

Patchstack
Patchstack
added 2022/11/15 12:0 a.m.13 views

WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. Stored Cross-Site Scripting XSS vulnerability discovered by Asif Nawaz Minhas in WordPress Testimonials plugin versions = 2.6. Solution Update the WordPress Testimonials plugin to the latest available version at least 2.7...

4.8CVSS3.1AI score0.00501EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/11/14 3:15 p.m.6 views

CVE-2022-3539

The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.00501EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/11/14 12:0 a.m.9 views

PT-2022-22793

Name of the Vulnerable Software and Affected Versions Testimonials WordPress plugin versions prior to 2.7 super-testimonial-pro WordPress plugin versions prior to 1.0.8 Description The issue allows high privilege users, such as admins, to perform cross-Site Scripting attacks, even when the...

4.8CVSS4.7AI score0.00501EPSS
Exploits1References6
CNNVD
CNNVD
added 2022/11/14 12:0 a.m.6 views

WordPress plugin Testimonials 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...

4.8CVSS5AI score0.00501EPSS
Exploits1References3
OSV
OSV
added 2022/10/28 4:15 p.m.1 views

CVE-2021-36858

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themepoints Testimonials plugin = 2.6 on WordPress...

4.8CVSS5.8AI score0.00412EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2022/10/28 3:9 p.m.8 views

CVE-2021-36858 WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themepoints Testimonials plugin = 2.6 on WordPress...

4.8CVSS4.8AI score0.00412EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/10/28 3:9 p.m.20 views

CVE-2021-36858 WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Themepoints Testimonials plugin = 2.6 on WordPress...

4.8CVSS5.1AI score0.00412EPSS
Exploits0References2
OSV
OSV
added 2022/07/22 5:15 p.m.3 views

CVE-2022-33191

Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerability in Chinmoy Paul's Testimonials plugin = 3.0.1 at WordPress...

5.4CVSS5.8AI score0.00457EPSS
Exploits0References2
Prion
Prion
added 2022/07/22 5:15 p.m.19 views

Cross site scripting

Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerability in Chinmoy Paul's Testimonials plugin = 3.0.1 at WordPress...

4.9CVSS5.2AI score0.00457EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2022/07/22 4:46 p.m.6 views

CVE-2022-33191 WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated contributor or higher user role Stored Cross-Site Scripting XSS vulnerability in Chinmoy Paul's Testimonials plugin = 3.0.1 at WordPress...

4.1CVSS5.6AI score0.00457EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/22 12:0 a.m.15 views

WordPress plugin Testimonials 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Testimonials plugin is vulnerable to a cross-site scripting vulnerability that stems from t...

5.4CVSS5.6AI score0.00457EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2022/07/19 12:0 a.m.24 views

Testimonials <= 3.0.1 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitise and escape some parameters available to users with a role as low as contributor, allowing them to perform Stored Cross-Site Scripting attacks...

5.4CVSS3.8AI score0.00457EPSS
Exploits0Affected Software1
OSV
OSV
added 2020/06/22 12:15 a.m.4 views

CVE-2020-14959

Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter...

5.4CVSS6.2AI score0.00892EPSS
Exploits2References1
Cvelist
Cvelist
added 2020/06/21 11:4 p.m.31 views

CVE-2020-14959

Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter...

5.6AI score0.00892EPSS
Exploits2References1
Exploit DB
Exploit DB
added 2020/02/17 12:0 a.m.200 views

WordPress Plugin Strong Testimonials 2.40.1 - Persistent Cross-Site Scripting

Exploit Title: Wordpress Plugin Strong Testimonials 2.40.0 - Persistent Cross-Site Scripting Date: 2020-01-23 Vendor Homepage: https://strongtestimonials.com Vendor Changelog: https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt Exploit Author: Jinson Varghese Behanan Auth...

6.1CVSS6.3AI score0.01879EPSS
Exploits5
Prion
Prion
added 2020/02/03 5:15 p.m.21 views

Cross site scripting

Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens...

4.3CVSS5.9AI score0.01879EPSS
Exploits5References5Affected Software1
CVE
CVE
added 2020/01/30 8:26 p.m.91 views

CVE-2013-4241

CVE-2013-4241 (HMS Testimonials plugin for WordPress) : The NVD and related records describe multiple XSS vulnerabilities in the HMS Testimonials plugin for WordPress, fixed in versions before 2.0.11. The affected vectors include the Testimonial form fields (name, image, url, testimonial) and sev...

6.1CVSS6.1AI score0.03663EPSS
Exploits1References5Affected Software1
CNVD
CNVD
added 2019/08/23 12:0 a.m.3 views

WordPress bws-testimonials plugin cross-site scripting vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the WordPress bws-testimonials plugin. An attacker can exploit...

6.1CVSS6.3AI score0.01384EPSS
Exploits1References1
Cvelist
Cvelist
added 2019/08/21 12:54 p.m.23 views

CVE-2017-18558

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues...

6.1AI score0.01384EPSS
Exploits1References1
CNVD
CNVD
added 2017/06/14 12:0 a.m.13 views

WordPress WP-Testimonials Plugin SQL Injection Vulnerability

WordPress is a set of blogging platform developed by WordPress Software Foundation using PHP language, which supports setting up personal blog sites on PHP and MySQL servers.WP-Testimonials plugin is one of the plugins that can be used to add 'testimonials' to the sidebar or any page/post...

8.8CVSS8.3AI score0.0239EPSS
Exploits4References1
Rows per page
Query Builder