logo
DATABASE RESOURCES PRICING ABOUT US

Testimonial Rotator <= 3.0.3 - Authenticated Stored Cross-Site Scripting

Description

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit (WPScanTeam): The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited. December 3rd, 2020 - Escalated to WP & WP Investigating February 19th, 2021 - No Updates, disclosing


Related