Show filters
4 Total Results
Displaying 1-4 of 4
Sort by:
Attacker Value
Unknown

CVE-2022-45817

Disclosure Date: March 17, 2023 (last updated November 08, 2023)
Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-4750

Disclosure Date: February 21, 2023 (last updated October 08, 2023)
The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2022-33191

Disclosure Date: July 19, 2022 (last updated February 24, 2025)
Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2021-24492

Disclosure Date: August 02, 2021 (last updated February 23, 2025)
The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated users, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0