Lucene search
K

724 matches found

EUVD
EUVD
added 2025/12/30 3:30 p.m.5 views

EUVD-2025-205774

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS4.7AI score0.002EPSS
Exploits0References5
NVD
NVD
added 2025/12/30 1:16 p.m.5 views

CVE-2025-14426

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS0.002EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/30 12:22 p.m.1 views

CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS4.8AI score0.002EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/12/30 12:22 p.m.25 views

CVE-2025-14426 Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'editrating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above t...

4.3CVSS0.002EPSS
Exploits0References4
CVE
CVE
added 2025/12/30 12:22 p.m.27 views

CVE-2025-14426

The CVE-2025-14426 entry affects the Strong Testimonials WordPress plugin (all versions up to 3.2.18). Root cause: a missing capability check in the edit_rating function allows authenticated attackers with Contributor level access or higher to modify or delete rating meta on any testimonial post,...

4.3CVSS4.8AI score0.002EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/30 6:10 a.m.5 views

WordPress Strong Testimonials plugin <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update vulnerability

Missing Authorization to Authenticated Contributor+ Rating Meta Update vulnerability discovered by type5afe in WordPress Plugin Strong Testimonials versions = 3.2.18...

4.3CVSS6.7AI score0.002EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/12/30 12:0 a.m.3 views

WordPress plugin Strong Testimonials 安全漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.3AI score0.002EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54173

Name of the Vulnerable Software and Affected Versions Strong Testimonials plugin for WordPress versions up to and including 3.2.18 Description The Strong Testimonials plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within th...

4.3CVSS6AI score0.002EPSS
Exploits0References7
Patchstack
Patchstack
added 2025/12/28 1:29 p.m.5 views

WordPress Strong Testimonials plugin <= 3.2.20 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Doan Dinh Van in WordPress Plugin Strong Testimonials versions = 3.2.20...

6.5CVSS5.3AI score0.00248EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/17 10:3 a.m.4 views

CVE-2025-67912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/16 9:31 a.m.3 views

EUVD-2025-203567

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Gal Dubinski Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS5.5AI score0.00156EPSS
Exploits0References2
NVD
NVD
added 2025/12/16 9:15 a.m.4 views

CVE-2025-67912

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS0.00156EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/16 8:12 a.m.1 views

CVE-2025-67912 WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/16 8:12 a.m.34 views

CVE-2025-67912 WordPress Stars Testimonials plugin <= 3.3.4 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Premio Stars Testimonials stars-testimonials-with-slider-and-masonry-grid allows Stored XSS.This issue affects Stars Testimonials: from n/a through = 3.3.4...

6.5CVSS0.00156EPSS
Exploits0References1
CVE
CVE
added 2025/12/16 8:12 a.m.8 views

CVE-2025-67912

CVE-2025-67912 is a stored XSS vulnerability in the WordPress plugin Stars Testimonials — Responsive Reviews & Star Ratings (slider and masonry grid) affecting versions up to and including 3.3.4 . The issue arises from improper input handling during web page generation, enabling attacker-supplied...

6.5CVSS5.9AI score0.00156EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/16 12:0 a.m.3 views

PT-2025-51431

Name of the Vulnerable Software and Affected Versions Gal Dubinski Stars Testimonials versions through 3.3.4 Description The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting XSS. This means that malicious scripts...

6.5CVSS6AI score0.00156EPSS
Exploits0References5
CNNVD
CNNVD
added 2025/12/16 12:0 a.m.4 views

WordPress plugin Stars Testimonials 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerability exis...

6.5CVSS5.6AI score0.00156EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/14 5:3 a.m.16 views

CVE-2025-14378

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS5AI score0.0016EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.5 views

EUVD-2025-203231

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS4.6AI score0.0016EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.7 views

CVE-2025-14378

The Quick Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permission...

4.4CVSS0.0016EPSS
Exploits0References2
Rows per page
Query Builder