VYPR

Testimonial

by WordPress

Source repositories

CVEs (4)

  • CVE-2025-30889HigApr 3, 2025
    risk 0.57cvss 8.8epss 0.00

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection.This issue affects Testimonial Slider: from n/a through <= 2.0.13.

  • CVE-2025-62929MedOct 27, 2025
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in PickPlugins Testimonial Slider testimonial allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Testimonial Slider: from n/a through <= 2.0.15.

  • CVE-2022-4648MedJan 16, 2023
    risk 0.35cvss 5.4epss 0.00

    The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used…

  • CVE-2021-24598MedNov 17, 2021
    risk 0.31cvss 4.8epss 0.01

    The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed