VYPR
Unrated severityNVD Advisory· Published Mar 18, 2021· Updated Aug 3, 2024

Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

CVE-2021-24136

Description

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.