First published: Thu Mar 18 2021(Updated: )
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL
Credit: contact@wpscan.com
Affected Software | Affected Version | How to fix |
---|---|---|
Axelerant Testimonials Widget | <4.0.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.