![](/assets/img/cve_300x82_sin_bg.png)
CVE-2024-4193 – Testimonial Slider <= 1.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2024-4193
03 May 2024 — The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Reference: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3080579%40testimonial-slider&new=3080579%40testimonial-slider&sfp_email=&sfph_mail=
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1746 – Testimonial Slider < 2.3.8 - Admin+ Stored XSS
https://notcve.org/view.php?id=CVE-2024-1746
25 Mar 2024 — The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).
Reference: https://wpscan.com/vulnerability/5f35572a-4129-4fe0-a465-d25f4c3b4419
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-1745 – Testimonial Slider < 2.3.7 - Author+ Settings Update
https://notcve.org/view.php?id=CVE-2024-1745
05 Mar 2024 — The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them.
Reference: https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598
CWE-862: Missing Authorization
CVE-2022-44741 – WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-44741
07 Nov 2022 — Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. The Testimonial Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing nonce validation on the...
Reference: https://patchstack.com/database/vulnerability/testimonial-slider/wordpress-testimonial-slider-plugin-1-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-36851 – WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36851
04 Apr 2022 — Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via the parameters mpsp_posts_bg_color, mpsp_posts_description_color and mpsp_slide_nav_button_color.
Reference: https://patchstack.com/database/vulnerability/testimonial-add/wordpress-testimonial-slider-plugin-3-5-8-3-cross-site-scripting-xss-vulnerability
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-5372 – Testimonial Slider < 1.2.5 - SQL Injection
https://notcve.org/view.php?id=CVE-2018-5372
10 Jan 2018 — The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).
Reference: http://www.defensecode.com/advisories/DC-2018-01-005_WordPress_Testimonial_Slider_Plugin_Advisory.pdf
CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2015-9417 – Testimonial Slider <= 1.2.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2015-9417
01 Sep 2015 — The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Slider Name Section in versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web ...
Reference: https://wordpress.org/plugins/testimonial-slider/#developers
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-352: Cross-Site Request Forgery (CSRF)