Testimonial Builder < 1.6.0 - Admin+ Stored Cross-Site Scripting

Source: wpexploit
WPEX-ID: 365C09A7-0B10-4145-A415-5C0E9F429AE0
Author: Asif Nawaz Minhas
Published: Oct 13, 2021
Tags: admin, testimonial builder, cross-site scripting, stored exploit

EPSS: 0.001 (percentile 21.4%)

The plugin does not escape some testimonial fields on output, which allows high-privilege users (admin and above) to perform stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

As admin, create or edit a testimonial and put the following payload in the Testimonial User Name field:

" style=animation-name:rotation onanimationstart=alert(/XSS/)//
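The root cause is missing output escaping in an HTML attribute context, so the fix is context-appropriate escaping at render time rather than relying on who saved the value. The following PHP snippet is an added example and is not code from the Testimonial Builder plugin; the render function names and the CSS class are hypothetical. It uses the real WordPress core functions esc_attr() and esc_html(), with fallbacks so it also runs on plain PHP outside WordPress.

```php
<?php
// Added example, not code from the Testimonial Builder plugin: escaping a stored
// testimonial author name when it is written into HTML markup. The render
// function names and the tb-author class below are hypothetical.

// esc_attr() and esc_html() are WordPress core functions. These fallbacks let
// the snippet run outside WordPress and mirror their main behaviour: convert
// &, <, >, " and ' to entities so the value cannot change the surrounding markup.
if (!function_exists('esc_attr')) {
    function esc_attr($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_html')) {
    function esc_html($text) {
        return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern (the class of bug described in the advisory): the stored
// value is concatenated straight into an attribute and into element text.
// A double quote in the value closes the attribute, so anything after it is
// parsed as further attributes of the element.
function render_author_unescaped($name) {
    return '<span class="tb-author" title="' . $name . '">' . $name . '</span>';
}

// Fixed pattern: escape for the context the value lands in. esc_attr() for
// attribute values, esc_html() for text between tags. Output escaping works
// regardless of the unfiltered_html capability of whoever saved the value,
// which is the property the advisory says the affected versions lack.
function render_author_escaped($name) {
    return '<span class="tb-author" title="' . esc_attr($name) . '">' . esc_html($name) . '</span>';
}

// Constructed sample input: a legitimate name that happens to contain quotes.
$name = 'Jane "JJ" O\'Brien';

echo render_author_unescaped($name), PHP_EOL;
echo render_author_escaped($name), PHP_EOL;
```

Run it with `php example.php` and compare the two lines: in the first, the title attribute ends at the first double quote in the name; in the second, every quote is an entity and the whole name stays inside the attribute. When reviewing a plugin for this bug class, look for testimonial fields that reach `echo` or a template without passing through esc_attr(), esc_html(), esc_url() or wp_kses_post(), and treat capability checks on save as defence in depth, not as the escaping layer.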

