CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2021-36851 – WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2021-36851
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color. Una vulnerabilidad de tipo Cross-Site Scripting (XSS) Autenticada (rol de editor o usuario superior) en Web-Settler Testimonial Slider - Free Testimonials Slider Plugin (plugin de WordPress) por medio de los parámetros mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color • https://patchstack.com/database/vulnerability/testimonial-add/wordpress-testimonial-slider-plugin-3-5-8-3-cross-site-scripting-xss-vulnerability https://wordpress.org/plugins/testimonial-add/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •