Testimonial Slider
by WordPress
CVEs (14)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-60126 | | High | 0.57 | 8.8 | 0.00 | | Sep 26, 2025 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in PluginOps Testimonial Slider testimonial-add allows PHP Local File Inclusion. This issue affects Testimonial Slider: from n/a through <= 3.5.8.6. |
| CVE-2025-30889 | | High | 0.57 | 8.8 | 0.00 | | Apr 3, 2025 | Deserialization of Untrusted Data vulnerability in PickPlugins Testimonial Slider testimonial allows Object Injection. This issue affects Testimonial Slider: from n/a through <= 2.0.13. |
| CVE-2018-5372 | | High | 0.57 | 8.8 | 0.01 | | Jan 12, 2018 | The Testimonial Slider plugin through 1.2.4 for WordPress has SQL Injection via settings\sliders.php (current_slider_id parameter). |
| CVE-2024-13460 | | Med | 0.42 | 6.4 | 0.00 | | Jan 30, 2025 | The WE – Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Testimonial Author Names in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,… |
| CVE-2024-4193 | | Med | 0.42 | 6.4 | 0.00 | | May 14, 2024 | The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it… |
| CVE-2024-30443 | | Med | 0.42 | 6.5 | 0.00 | | Mar 29, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Testimonial Slider allows Stored XSS. This issue affects GS Testimonial Slider: from n/a through 3.1.4. |
| CVE-2015-9417 | | Med | 0.42 | 6.5 | 0.01 | | Sep 26, 2019 | The testimonial-slider plugin through 1.2.1 for WordPress has CSRF with resultant XSS. |
| CVE-2022-44741 | | Med | 0.40 | 6.1 | 0.00 | | Nov 8, 2022 | Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS) in David Anderson Testimonial Slider plugin <= 1.3.1 on WordPress. |
| CVE-2024-1746 | | Med | 0.35 | 5.4 | 0.00 | | Apr 15, 2024 | The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in… |
| CVE-2025-47481 | | Med | 0.34 | 5.3 | 0.00 | | May 7, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Code Injection. This issue affects GS Testimonial Slider: from n/a through <= 3.2.9. |
| CVE-2022-35882 | | Med | 0.31 | 4.8 | 0.00 | | Jul 28, 2022 | Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.5 at WordPress. |
| CVE-2025-47467 | | Med | 0.28 | 4.3 | 0.00 | | May 7, 2025 | Missing Authorization vulnerability in GS Plugins GS Testimonial Slider gs-testimonial allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects GS Testimonial Slider: from n/a through <= 3.3.0. |
| CVE-2024-1745 | | Med | 0.28 | 4.3 | 0.00 | | Mar 26, 2024 | The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive settings, making it possible for users with at least the Author role to edit them. |
| CVE-2022-40213 | | Med | 0.27 | 4.1 | 0.00 | | Sep 23, 2022 | Multiple Authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in GS Testimonial Slider plugin <= 1.9.6 at WordPress. |