CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4795

The Testimonial Slider Shortcode WordPress plugin before 1.1.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.2%

CVSS Severity

CVSS v3 Score 5.4

References

Products affected by CVE-2023-4795

Sazzadh » Testimonial Slider Shortcode » Version: 1.0

cpe:2.3:a:sazzadh:testimonial_slider_shortcode:1.0
Sazzadh » Testimonial Slider Shortcode » Version: 1.1

cpe:2.3:a:sazzadh:testimonial_slider_shortcode:1.1
Sazzadh » Testimonial Slider Shortcode » Version: 1.1.1

cpe:2.3:a:sazzadh:testimonial_slider_shortcode:1.1.1
Sazzadh » Testimonial Slider Shortcode » Version: 1.1.2

cpe:2.3:a:sazzadh:testimonial_slider_shortcode:1.1.2
Sazzadh » Testimonial Slider Shortcode » Version: 1.1.8

cpe:2.3:a:sazzadh:testimonial_slider_shortcode:1.1.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-4795

Products

Pricing

Contact Us