CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

25 Jan 2023 — The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The WP Responsive Testimonials Slider And Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in versions up to, and including, 1.5 due to in... • https://wpscan.com/vulnerability/7bdc1324-8d08-4185-971f-8d49367702cf • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Dec 2022 — Cross-Site Scripting (XSS) vulnerability in Erin Garscadden GC Testimonials plugin <= 1.3.2 versions. The GC Testimonials plugin for WordPress is vulnerable to Cross-Site Scripting via an unknown parameter in versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for contributor-level attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/gc-testimonials/wordpress-gc-testimonials-plugin-1-3-2-auth-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.4 • EPSS: 0% • CPEs: 1 • EXPL: 0

19 Jul 2022 — Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress. The Testimonials plugin for WordPress is vulnerable to Cross-Site Scripting in versions up to, and including, 3.0.1 due to insufficient input... • https://patchstack.com/database/vulnerability/testimonials/wordpress-testimonials-plugin-3-0-1-authenticated-stored-cross-site-scripting-xss-vulnerability • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 2

29 Jun 2021 — The hndtst_action_instance_callback AJAX call of the Handsome Testimonials & Reviews WordPress plugin before 2.1.1, available to any authenticated user, does not sanitise, validate or escape the hndtst_previewShortcodeInstanceId POST parameter before using it in a SQL statement, leading to an SQL Injection issue. • https://codevigilant.com/disclosure/2021/wp-plugin-handsome-testimonials • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')