cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-44741,https://securityvulnerability.io/vulnerability/CVE-2022-44741,WordPress Testimonial Slider plugin <= 1.3.1 - Cross-Site Request Forgery (CSRF) vulnerability,Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.,Wordpress,Testimonial Slider (WordPress Plugin),6.1,MEDIUM,0.0010100000072270632,false,,false,false,false,,false,false,2022-11-08T19:15:00.000Z,0
CVE-2021-36858,https://securityvulnerability.io/vulnerability/CVE-2021-36858,WordPress Testimonials plugin <= 2.6 - Auth. Stored Cross-Site Scripting (XSS) vulnerability,Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Themepoints Testimonials plugin <= 2.6 on WordPress.,Wordpress,Testimonials (WordPress Plugin),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-10-28T16:15:00.000Z,0
CVE-2022-40213,https://securityvulnerability.io/vulnerability/CVE-2022-40213,WordPress GS Testimonial Slider plugin <= 1.9.6 - Multiple Authenticated Stored Cross-Site Scripting (XSS) vulnerabilities,Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress.,Wordpress,Gs Testimonial Slider (WordPress Plugin),4.1,MEDIUM,0.0005099999834783375,false,,false,false,false,,false,false,2022-09-23T14:15:00.000Z,0
CVE-2021-36857,https://securityvulnerability.io/vulnerability/CVE-2021-36857,WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.,Wordpress,Testimonial (WordPress Plugin),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-08-22T15:15:00.000Z,0
CVE-2022-35882,https://securityvulnerability.io/vulnerability/CVE-2022-35882,WordPress GS Testimonial Slider plugin <= 1.9.5 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress.,Wordpress,Gs Testimonial Slider (WordPress Plugin),4.8,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-07-27T00:00:00.000Z,0
CVE-2022-33191,https://securityvulnerability.io/vulnerability/CVE-2022-33191,WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability,Authenticated (contributor or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in Chinmoy Paul's Testimonials plugin <= 3.0.1 at WordPress.,Wordpress,Testimonials (WordPress Plugin),4.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-07-22T17:15:00.000Z,0
CVE-2021-36851,https://securityvulnerability.io/vulnerability/CVE-2021-36851,WordPress Testimonial Slider plugin <= 3.5.8.3 - Cross-Site Scripting (XSS) vulnerability,"Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.",Wordpress,Testimonial Slider – Free Testimonials Slider Plugin (WordPress Plugin),4.1,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,2022-04-04T00:00:00.000Z,0
CVE-2022-23912,https://securityvulnerability.io/vulnerability/CVE-2022-23912,AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting,"The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not sanitise and escape the id parameter before outputting it back in an attribute, leading to a Reflected cross-Site Scripting",Wordpress,Testimonial WordPress Plugin – Ap Custom Testimonial,6.1,MEDIUM,0.0006900000153109431,false,,false,false,false,,false,false,2022-02-28T09:06:59.000Z,0
CVE-2022-23911,https://securityvulnerability.io/vulnerability/CVE-2022-23911,AP Custom Testimonial < 1.4.8 - Admin+ SQL Injection,"The Testimonial WordPress Plugin WordPress plugin before 1.4.7 does not validate and escape the id parameter before using it in a SQL statement when retrieving a testimonial to edit, leading to a SQL Injection",Wordpress,Testimonial WordPress Plugin – Ap Custom Testimonial,7.2,HIGH,0.0009800000116229057,false,,false,false,false,,false,false,2022-02-28T09:06:57.000Z,0
CVE-2017-9418,https://securityvulnerability.io/vulnerability/CVE-2017-9418,,SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.,Wordpress,Testimonials Plugin Easy Testimonials,8.8,HIGH,0.0012199999764561653,false,,false,false,false,,false,false,2017-06-12T13:00:00.000Z,0
CVE-2013-5672,https://securityvulnerability.io/vulnerability/CVE-2013-5672,,"Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.",Wordpress,Testimonial Plugin,,,0.013450000435113907,false,,false,false,false,,false,false,2013-09-10T19:00:00.000Z,0
CVE-2013-5673,https://securityvulnerability.io/vulnerability/CVE-2013-5673,,SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.,Wordpress,Testimonial Plugin,,,0.01372000016272068,false,,false,false,false,,false,false,2013-09-10T19:00:00.000Z,0