RSS   Vulnerabilities for 'Testimonials widget'   RSS

2021-03-18
 
CVE-2021-24136

CWE-79
 

 
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL

 


Copyright 2024, cxsecurity.com

 

Back to Top