Lucene search
K

720 matches found

Patchstack
Patchstack
added 2026/01/24 5:43 a.m.7 views

WordPress Canto Testimonials plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via 'fx' Shortcode Attribute vulnerability discovered by theviper17y in WordPress Plugin Canto Testimonials versions = 1.0...

6.4CVSS5.4AI score0.0025EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.5 views

WordPress plugin Canto: Testimonials for cross-site scripting vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

6.4CVSS5.7AI score0.0025EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4584

The Canto Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fx' shortcode attribute in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

6.4CVSS5.8AI score0.0025EPSS
Exploits0References4
CNVD
CNVD
added 2026/01/19 12:0 a.m.2 views

WordPress Testimonials Creator plugin cross-site scripting vulnerability

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS6AI score0.00208EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/15 6:21 a.m.12 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS5.2AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2026/01/14 6:15 a.m.5 views

CVE-2025-14379

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/14 5:28 a.m.3 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS4.8AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 5:28 a.m.19 views

CVE-2025-14379

The CVE-2025-14379 entry concerns the WordPress plugin Testimonials Creator (version 1.6). Affected component: the plugin’s admin/settings handling where insufficient input sanitization and output escaping enables a Stored Cross-Site Scripting (XSS) vulnerability. Attack scenario: authenticated a...

4.4CVSS4.9AI score0.00208EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/14 5:28 a.m.27 views

CVE-2025-14379 Testimonials Creator 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting

The Testimonials Creator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in version 1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.4CVSS0.00208EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/14 12:0 a.m.6 views

WordPress plugin Testimonials Creator 跨站脚本漏洞

WordPress Testimonials Creator plugin is a tool for creating and displaying customer testimonials that allows users to build flexible testimonial displays with a testimonial builder, ratings submission form, and a variety of design layouts with highly customizable styling support. A cross-site...

4.4CVSS5.9AI score0.00208EPSS
Exploits0References3
Patchstack
Patchstack
added 2026/01/13 10:21 p.m.9 views

WordPress Testimonials Creator plugin 1.6 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Jochem Boender in WordPress Plugin Testimonials Creator versions 1.6...

4.4CVSS5.7AI score0.00208EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 11:58 a.m.10 views

CVE-2018-19564

Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters ikcfclient and ikcfposition and ikcfother have Cross-Site Scripting...

6.1CVSS6AI score0.00932EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:36 a.m.9 views

CVE-2017-12131

The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens...

6.1CVSS6.2AI score0.0078EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:34 a.m.8 views

CVE-2017-18558

The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues...

6.1CVSS6.2AI score0.01384EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:48 a.m.5 views

CVE-2025-23560

Cross-Site Request Forgery CSRF vulnerability in plumwd Web Testimonials web-testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through = 1.2...

7.1CVSS7.2AI score0.00195EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/31 1:7 p.m.16 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS5.1AI score0.002EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/30 3:30 p.m.5 views

EUVD-2025-205774

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS4.7AI score0.002EPSS
Exploits0References5
NVD
NVD
added 2025/12/30 1:16 p.m.5 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/30 12:22 p.m.1 views

CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS4.8AI score0.002EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 12:22 p.m.25 views

CVE-2025-14426

The CVE-2025-14426 entry affects the Strong Testimonials WordPress plugin (all versions up to 3.2.18). Root cause: a missing capability check in the edit_rating function allows authenticated attackers with Contributor level access or higher to modify or delete rating meta on any testimonial post,...

4.3CVSS4.8AI score0.002EPSS
Exploits0References4
Rows per page
Query Builder