VYPR

Testimonials Widget

by Axelerant

CVEs (2)

  • CVE-2024-4705MedJun 6, 2024
    risk 0.42cvss 6.4epss 0.00

    The Testimonials Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonials shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-37553Jul 6, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Axelerant Testimonials Widget allows Stored XSS.This issue affects Testimonials Widget: from n/a through 4.0.4.