Lucene search

K
wpexploitNguyen Anh TienWPEX-ID:8B6F4A77-4008-4730-9A91-FA055A8B3E68
HistoryFeb 19, 2021 - 12:00 a.m.

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

2021-02-1900:00:00
Nguyen Anh Tien
182

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit (WPScanTeam): The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited. December 3rd, 2020 - Escalated to WP & WP Investigating February 19th, 2021 - No Updates, disclosing

The PoC will be displayed once the issue has been remediated
Related for WPEX-ID:8B6F4A77-4008-4730-9A91-FA055A8B3E68