Headline
CVE-2022-35882: WordPress GS Testimonial Slider plugin <= 1.9.1 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability - Patchstack
Authenticated (author or higher user role) Stored Cross-Site Scripting (XSS) vulnerability in GS Plugins GS Testimonial Slider plugin <= 1.9.1 at WordPress.
Verified
Not fixed
4.8
CVSS 3.1 score Medium severity
Monitoring Coming soon
Software
GS Testimonial Slider
Vulnerable versions
<= 1.9.1
PSID
4b2c77540de2
Classification
Cross Site Scripting (XSS)
OWASP Top 10
A7: Cross-Site Scripting (XSS)
Required privilege
Requires author or higher role user authentication.
Publicly disclosed
2022-07-27
Details
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Tien Nguyen Anh (Patchstack Alliance) in WordPress GS Testimonial Slider plugin (versions <= 1.9.1).
Solution
No patched version is available.
References