WordPress Testimonials plugin <= 3.0.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Vulnerable versions
<= 3.0.1
PSID
e1fad9ba1227
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires contributor or higher role user authentication.
Publicly disclosed
2022-07-19
Patchstack vPatch available since
09.12.2021
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Testimonials plugin (versions <= 3.0.1).
Solution
No patched version is available. No way to contact the vendor.
References