Headline
CVE-2021-36857: WordPress Testimonial Builder plugin <= 1.6.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.
Verified
Fixed
4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon
PSID
c4562a76af28
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires editor or higher role user authentication.
Publicly disclosed
2021-11-07
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Ngo Van Thien (Patchstack Alliance) in WordPress Testimonial Builder plugin (versions <= 1.6.1).
Solution
Update the WordPress Testimonial plugin to the latest available version (at least 1.6.2).
References
Changeset