Unrated severityNVD Advisory· Published Mar 18, 2021· Updated Aug 3, 2024
Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS
CVE-2021-24136
Description
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Testimonials Widgetdescription
- Range: <4.0.0
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/537ee410-3833-4e88-9d4a-ee3c72b44ca1mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.