CVE-2025-47481
Description
Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection.This issue affects GS Testimonial Slider: from n/a through <= 3.2.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Code injection vulnerability in GS Testimonial Slider plugin (<=3.2.9) allows attackers to inject arbitrary content into WordPress pages, potentially used for phishing.
The GS Testimonial Slider plugin for WordPress suffers from a code injection vulnerability (CVE-2025-47481) due to improper control of code generation. Versions up to and including 3.2.9 are affected. This flaw enables an attacker to inject arbitrary content into pages and posts of the website [1].
Exploitation does not require authentication; any attacker who can supply input to the plugin (e.g., via shortcode or admin panel) can inject malicious content. The vulnerability is actively used in mass-exploit campaigns targeting thousands of websites regardless of size or popularity [1].
The impact of successful exploitation includes the ability to inject phishing pages, defacement, or other malicious content into trusted pages of the site. This can lead to credential theft, malware distribution, or reputational damage [1].
As an immediate mitigation, users should update the plugin to a version newer than 3.2.9. If updating is not possible, contacting a hosting provider or web developer for assistance is recommended [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=3.2.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.