Source: wpexploit | Author: Dmitrii Ignatyev | WPEX-ID: B8390B4A-B43F-4BF6-A61B-DFCBC7B2E7A0
History: Sep 25, 2023 - 12:00 a.m.

Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS

2023-09-25 00:00:00
Dmitrii Ignatyev
Tags: testimonial slider, stored xss, contributor, exploit, security loophole

AI Score: 5.9 Medium (Confidence: High)
EPSS: 0.0004 Low (Percentile: 14.2%)

Description: The plugin does not validate and escape some of its shortcode attributes before outputting them back into the page. This allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks, which could be used against high-privilege users such as an admin.

[tss_item text="Abelson has been an amazing firm to work with. Lorem changed the company." name="JOHN SAMPSON LP" link='" onmouseover="alert(/XSS/)"'/]
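Added illustration of the bug class, not the plugin's own code: a hypothetical minimal [tss_item] handler that concatenates attribute values straight into HTML (the pattern the description refers to), beside a version that escapes each value for the context it lands in using WordPress's esc_url() and esc_html(). Function names and markup are assumptions.

```php
<?php
// Added example, not the plugin's code: a minimal hypothetical [tss_item] handler.
// Vulnerable pattern: attribute values are concatenated into HTML unescaped, so a
// value such as   link='" onmouseover="..."'   closes the href quote and injects
// a new attribute into the rendered <a> tag.
function tss_item_unescaped( $atts ) {
    $a = shortcode_atts( array( 'text' => '', 'name' => '', 'link' => '' ), $atts, 'tss_item' );
    return '<div class="tss-item"><p>' . $a['text'] . '</p>'
         . '<a href="' . $a['link'] . '">' . $a['name'] . '</a></div>';
}

// Hardened pattern: escape for the exact output context.
// esc_url() strips characters that are not valid in a URL (quotes and spaces
// included) and rejects disallowed schemes; esc_html() neutralises markup in
// text nodes. The injected attribute can no longer break out of href="...".
function tss_item_escaped( $atts ) {
    $a = shortcode_atts( array( 'text' => '', 'name' => '', 'link' => '' ), $atts, 'tss_item' );
    return '<div class="tss-item"><p>' . esc_html( $a['text'] ) . '</p>'
         . '<a href="' . esc_url( $a['link'] ) . '">' . esc_html( $a['name'] ) . '</a></div>';
}

// Register only the escaped handler.
add_shortcode( 'tss_item', 'tss_item_escaped' );
```

Contributors can use shortcodes but not unfiltered HTML, which is why attribute escaping inside the handler, not post-content filtering, is the control that matters here.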

