← Back

Testimonial Builder

testimonial_builder

Vendor: Wpshopmart • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-36857
1Wpshopmart
1Testimonial Builder
Nov 21, 2024
Aug 22, 2022
N/A· v4
5.4 MEDIUM· v3
N/A· v2
Authenticated (editor+) Stored Cross-Site Scripting (XSS) vulnerability in wpshopmart Testimonial Builder plugin <= 1.6.1 at WordPress.
CVE-2021-24598
1Wpshopmart
1Testimonial Builder
Nov 21, 2024
Nov 17, 2021
N/A· v4
4.8 MEDIUM· v3
3.5 LOW· v2
The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed