2 matches found
CVE-2022-35882
CVE-2022-35882 concerns the GS Testimonial Slider plugin for WordPress, affected up to version 1.9.5. The vulnerability is an authenticated Stored Cross-Site Scripting (XSS) issue, exploitable by a user with author or higher privileges. Root cause details across sources indicate insufficient sani...
CVE-2022-40213
The CVE concerns the WordPress GS Testimonial Slider plugin with versions prior to 1.9.7, where multiple authenticated Stored Cross-Site Scripting (XSS) vulnerabilities exist due to insufficient input filtering/escaping. An attacker with contributor+ privileges can inject scripts that are stored ...