WordPress GS Testimonial Slider plugin <= 1.9.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 1.9.6
PSID
4b2c77540de2
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-07-27
Patchstack vPatch available since
09.12.2021
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress GS Testimonial Slider plugin (versions <= 1.9.7).
Solution
Update the WordPress GS Testimonial Slider plugin to the latest available version (at least 1.9.7).
References