VYPR

Faltu Testimonial Rotator

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-51853MedNov 19, 2024
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberuni Azad. Faltu Testimonial Rotator faltu-testimonial-rotator allows DOM-Based XSS.This issue affects Faltu Testimonial Rotator: from n/a through <= 1.0.0.

  • CVE-2021-24156MedApr 5, 2021
    risk 0.35cvss 5.4epss 0.01

    Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

  • CVE-2020-26672MedOct 16, 2020
    risk 0.35cvss 5.4epss 0.01

    Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database.