cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score CVE-2024-13115,https://securityvulnerability.io/vulnerability/CVE-2024-13115,Cross-Site Request Forgery and XSS Vulnerabilities in WP Projects Portfolio Plugin,"The WP Projects Portfolio with Client Testimonials plugin lacks proper CSRF checks in certain areas, alongside deficiencies in data sanitisation and escaping mechanisms. This security shortfall can potentially allow attackers to exploit authenticated admin sessions, enabling them to inject Stored XSS payloads through crafted CSRF attacks. Such vulnerabilities underscore the importance of implementing robust security measures to safeguard against unauthorized actions and data manipulation within WordPress environments.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-04T06:00:03.000Z,true,false,false,,2025-02-04T06:00:03.687Z,0 CVE-2024-13114,https://securityvulnerability.io/vulnerability/CVE-2024-13114,Reflected Cross-Site Scripting Vulnerability in WP Projects Portfolio Plugin by WordPress,"The WP Projects Portfolio with Client Testimonials plugin for WordPress, version 3.0, contains a vulnerability due to improper sanitization and escaping of parameters. This flaw allows an attacker to inject malicious scripts into the output, potentially targeting high privilege users, including administrators. Exploiting this vulnerability could lead to the execution of arbitrary scripts in the context of a victim's browser session, creating a risk of data theft or unintended actions on behalf of the user.",WordPress,WP Projects Portfolio With Client Testimonials,6.1,MEDIUM,0.0004299999854993075,false,,false,false,true,2025-02-04T06:00:02.000Z,true,false,false,,2025-02-04T06:00:02.307Z,0 CVE-2024-13351,https://securityvulnerability.io/vulnerability/CVE-2024-13351,Stored Cross-Site Scripting Vulnerability in Repuso Plugin for WordPress,"The Repuso plugin for WordPress contains a vulnerability due to inadequate input sanitization and output escaping on the 'rw_image_badge1' shortcode. This flaw affects all versions up to and including 5.20, allowing authenticated users with contributor-level access and above to inject arbitrary scripts into pages. When users access these pages, their browsers execute the injected scripts, potentially compromising the integrity of the website and putting user data at risk. Website owners should take immediate action to mitigate the risks associated with this vulnerability by updating to the latest version and implementing security best practices.",Wordpress,Social Proof Testimonials And Reviews By Repuso,7.2,HIGH,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-15T09:25:56.149Z,0 CVE-2024-11429,https://securityvulnerability.io/vulnerability/CVE-2024-11429,Arbitrary File Inclusion Vulnerability in Stars Testimonials Plugin,"The Stars Testimonials plugin for WordPress, developed by Free Responsive Testimonials, contains a Local File Inclusion vulnerability that affects all versions up to and including 3.3.3. Through the use of the 'stars-testimonials-with-slider-and-masonry-grid' shortcode, authenticated users with contributor-level access or higher can exploit this vulnerability. This allows attackers to include and execute arbitrary PHP files on the server, which can lead to unauthorized access to sensitive data and the potential execution of malicious PHP code. The vulnerability poses significant security risks as it enables bypassing access controls and may facilitate further exploitation on compromised systems.",Wordpress,"Free Responsive Testimonials, Social Proof Reviews, And Customer Reviews – Stars Testimonials",8.8,HIGH,0.0005600000149570405,false,,false,false,false,,,false,false,,2024-12-05T05:26:10.257Z,0 CVE-2024-8989,https://securityvulnerability.io/vulnerability/CVE-2024-8989,Stored Cross- Site Scripting Vulnerability in Stars Testimonials Plugin,"The Free Responsive Testimonials plugin for WordPress is subject to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping on user-supplied attributes through the stars_testimonials shortcode. This flaw impacts all versions leading up to and including 3.3.1. Authenticated users with contributor-level access can exploit this vulnerability, allowing them to inject arbitrary web scripts into pages. When these pages are accessed by other users, the injected scripts execute, potentially compromising user data and site integrity.",Wordpress,"Free Responsive Testimonials, Social Proof Reviews, And Customer Reviews – Stars Testimonials",6.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-01T07:30:15.356Z,0 CVE-2024-9127,https://securityvulnerability.io/vulnerability/CVE-2024-9127,Stored Cross-Site Scripting Vulnerability in Super Testimonials Plugin for WordPress,"The Super Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘alignment’ parameter in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Super Testimonials,5.4,MEDIUM,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-09-26T09:29:41.207Z,0 CVE-2024-8199,https://securityvulnerability.io/vulnerability/CVE-2024-8199,Unauthorized Modification of Data Passwords in The Reviews Feed Plugin,"The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress contains a security flaw that allows authorized users with Subscriber-level access or higher to modify sensitive data. This vulnerability arises due to a missing capability check within the 'update_api_key' function, potentially enabling attackers to change API Key options without proper authorization. All versions up to and including 1.1.2 are impacted, highlighting the need for prompt action to secure affected installations.",Wordpress,"Reviews Feed – Add Testimonials And Customer Reviews From Google Reviews, Yelp, Tripadvisor, And More",4.3,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-08-27T15:32:32.328Z,0 CVE-2024-8200,https://securityvulnerability.io/vulnerability/CVE-2024-8200,Cross-Site Request Forgery Vulnerability in The Reviews Feed Plugin,"The Reviews Feed plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) attacks, affecting all versions up to and including 1.1.2. This vulnerability arises from improper nonce validation within the 'update_api_key' function. As a result, attackers can exploit this weakness to send forged requests that update an API key without authentication. If a site administrator is tricked into performing an action, such as clicking a malicious link, an attacker can gain unauthorized control over API configurations, potentially leading to further security breaches.",Wordpress,"Reviews Feed – Add Testimonials And Customer Reviews From Google Reviews, Yelp, Tripadvisor, And More",4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2024-08-27T15:32:31.676Z,0 CVE-2024-7390,https://securityvulnerability.io/vulnerability/CVE-2024-7390,Unauthorized Modification of Testimonials Possible in WP Testimonial Widget Plugin,"The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials.",Wordpress,WP Testimonial Widget,5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,,false,false,,2024-08-21T05:30:20.660Z,0 CVE-2024-2337,https://securityvulnerability.io/vulnerability/CVE-2024-2337,Stored Cross-Site Scripting Vulnerability Affects Easy Testimonials Plugin,"The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Easy Testimonials,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-20T02:37:14.391Z,0 CVE-2023-6491,https://securityvulnerability.io/vulnerability/CVE-2023-6491,Unauthorized Modification of Data in Strong Testimonials Plugin for WordPress,"The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.",Wordpress,Strong Testimonials,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-06-07T05:33:46.516Z,0 CVE-2024-4705,https://securityvulnerability.io/vulnerability/CVE-2024-4705,Stored Cross-Site Scripting Vulnerability in Testimonials Widget Plugin for WordPress,"The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Testimonials Widget,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-06-06T02:15:00.000Z,0 CVE-2024-2253,https://securityvulnerability.io/vulnerability/CVE-2024-2253,Stored Cross-Site Scripting Vulnerability in Elementor's Testimonial Carousel Plugin,"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URL values the plugin's carousel widgets in all versions up to, and including, 10.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Testimonial Carousel For Elementor,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-30T03:34:29.705Z,0 CVE-2024-4858,https://securityvulnerability.io/vulnerability/CVE-2024-4858,Unauthorized Modification of Data in Testimonial Carousel Plugin for WordPress Due to Missing Capability Check,"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.",Wordpress,Testimonial Carousel For Elementor,5.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-05-25T02:50:07.385Z,0 CVE-2024-4698,https://securityvulnerability.io/vulnerability/CVE-2024-4698,Stored Cross-Site Scripting Vulnerability in Elementor's Testimonial Carousel Plugin,"The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'show_line_text ' and 'slide_button_hover_animation' parameters in versions up to, and including, 10.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Testimonial Carousel For Elementor,6.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2024-05-18T07:38:34.164Z,0 CVE-2024-4193,https://securityvulnerability.io/vulnerability/CVE-2024-4193,Stored Cross-Site Scripting Vulnerability in Testimonial Slider Plugin for WordPress,"The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Testimonial Slider,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-05-14T15:43:00.000Z,0 CVE-2024-3261,https://securityvulnerability.io/vulnerability/CVE-2024-3261,Stored Cross-Site Scripting Vulnerability in Strong Testimonials WordPress Plugin,"The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed",Wordpress,Strong Testimonials,,,0.0004299999854993075,false,,false,false,true,2024-04-24T04:00:03.000Z,true,false,false,,2024-04-24T05:00:03.121Z,0 CVE-2024-1746,https://securityvulnerability.io/vulnerability/CVE-2024-1746,Stored Cross-Site Scripting (XSS) Vulnerability in Testimonial Slider WordPress Plugin,"The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Testimonial Slider,,,0.0004299999854993075,false,,false,false,true,2024-04-15T04:00:04.000Z,true,false,false,,2024-04-15T05:00:04.460Z,0 CVE-2024-1745,https://securityvulnerability.io/vulnerability/CVE-2024-1745,Plugin Vulnerability Allows Author Users to Edit Sensitive Settings,"The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.",Wordpress,Testimonial Slider,,,0.0004299999854993075,false,,false,false,true,2024-03-26T05:00:02.000Z,true,false,false,,2024-03-26T05:00:02.299Z,0 CVE-2023-4795,https://securityvulnerability.io/vulnerability/CVE-2023-4795,Testimonial Slider Shortcode < 1.1.9 - Contributor+ Stored XSS,"The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin",Wordpress,Testimonial Slider Shortcode,5.4,MEDIUM,0.0005200000014156103,false,,false,false,false,,,false,false,,2023-10-16T20:15:00.000Z,0 CVE-2020-36749,https://securityvulnerability.io/vulnerability/CVE-2020-36749,Cross-Site Request Forgery in Easy Testimonials Plugin for WordPress,"The Easy Testimonials plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the saveCustomFields() function. This flaw allows unauthenticated attackers to exploit the plugin by persuading a site administrator to unknowingly execute an action via a malicious link. Attackers can manipulate the plugin's functionality and potentially compromise site integrity, thus affecting users' experience and trust.",Wordpress,Easy Testimonials,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-07-01T05:33:30.326Z,0 CVE-2023-2178,https://securityvulnerability.io/vulnerability/CVE-2023-2178,Aajoda Testimonials < 2.2.2 - Admin+ Stored XSS,"The Aajoda Testimonials WordPress plugin before 2.2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,Aajoda Testimonials,4.8,MEDIUM,0.001069999998435378,false,,false,false,false,,,false,false,,2023-06-27T14:15:00.000Z,0 CVE-2023-1372,https://securityvulnerability.io/vulnerability/CVE-2023-1372,Stored Cross-Site Scripting Vulnerability in WH Testimonials Plugin for WordPress,"The WH Testimonials plugin for WordPress is exposed to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. Attackers can exploit this weakness by injecting malicious scripts into various parameters, including wh_homepage, wh_text_short, and wh_text_full. Once a user accesses a compromised page, the injected scripts execute, potentially leading to unauthorized actions or data theft. This vulnerability affects all versions of the plugin up to and including 3.0.0.",Wordpress,WH Testimonials,6.1,MEDIUM,0.0010300000431016088,false,,false,false,false,,,false,false,,2023-03-13T13:15:00.000Z,0 CVE-2022-4750,https://securityvulnerability.io/vulnerability/CVE-2022-4750,WP Responsive Testimonials Slider And Widget <= 1.5 - Contributor+ Stored XSS,"The WP Responsive Testimonials Slider And Widget WordPress plugin through 1.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks",Wordpress,WP Responsive Testimonials Slider And Widget,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-21T08:50:45.322Z,0 CVE-2022-4717,https://securityvulnerability.io/vulnerability/CVE-2022-4717,Strong Testimonials < 3.0.3 - Contributor+ Stored XSS via Shortcode,"The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Strong Testimonials,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2023-02-06T19:59:15.762Z,0