Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit (WPScanTeam): The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited. December 3rd, 2020 - Escalated to WP & WP Investigating February 19th, 2021 - No Updates, disclosing
The PoC will be displayed once the issue has been remediated