VYPR

Testimonial Slider

by WordPress

CVEs (14)

  • CVE-2025-60126 | High | Sep 26, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through <= 3.5.8.6.

  • CVE-2025-30889 | High | Apr 3, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection. This issue affects Testimonial Slider: from n/a through <= 2.0.13.

  • CVE-2018-5372 | High | Jan 12, 2018
    risk 0.57 | cvss 8.8 | epss 0.01

    The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter).

  • CVE-2024-13460 | Medium | Jan 30, 2025
    risk 0.42 | cvss 6.4 | epss 0.00

    The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,…

  • CVE-2024-4193 | Medium | May 14, 2024
    risk 0.42 | cvss 6.4 | epss 0.00

    The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it…

  • CVE-2024-30443 | Medium | Mar 29, 2024
    risk 0.42 | cvss 6.5 | epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS. This issue affects GS Testimonial Slider: from n/a through 3.1.4.

  • CVE-2015-9417 | Medium | Sep 26, 2019
    risk 0.42 | cvss 6.5 | epss 0.01

    The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS.

  • CVE-2022-44741 | Medium | Nov 8, 2022
    risk 0.40 | cvss 6.1 | epss 0.00

    Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress.

  • CVE-2024-1746 | Medium | Apr 15, 2024
    risk 0.35 | cvss 5.4 | epss 0.00

    The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in…

  • CVE-2025-47481 | Medium | May 7, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection. This issue affects GS Testimonial Slider: from n/a through <= 3.2.9.

  • CVE-2022-35882 | Medium | Jul 28, 2022
    risk 0.31 | cvss 4.8 | epss 0.00

    Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress.

  • CVE-2025-47467 | Medium | May 7, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through <= 3.3.0.

  • CVE-2024-1745 | Medium | Mar 26, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive settings, making it possible for users with at least the Author role to edit them.

  • CVE-2022-40213 | Medium | Sep 23, 2022
    risk 0.27 | cvss 4.1 | epss 0.00

    Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress.