4 matches found
CVE-2023-5613
CVE-2023-5613 refers to a Stored Cross-Site Scripting vulnerability in the WordPress plugin Super Testimonials . The issue arises from insufficient input sanitization and output escaping in the shortcode attribute handling of the plugin’s tpsscode shortcode, affecting all versions up to and inclu...
CVE-2021-36858
CVE-2021-36858 affects WordPress Themepoints/“Testimonials” plugin versions
CVE-2024-13704
CVE-2024-13704 relates to the WordPress plugin Super Testimonials (also listed in Wordfence). It is a stored cross-site scripting (XSS) vulnerability via the st_user_title parameter in all versions up to 4.0.1, caused by insufficient input sanitization and output escaping. The impact is unauthent...
CVE-2022-3539
The CVE-2022-3539 issue affects the WordPress plugins Testimonials (before 2.7) and Super Testimonial Pro (before 1.0.8). The root cause is a lack of sanitization and escaping of plugin settings, enabling high-privilege users (e.g., admins) to perform cross-site scripting (XSS) even when the unfi...