CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7390

The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0. This makes it possible for unauthenticated attackers to change the order of testimonials.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.9%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2024-7390

Starkdigital » Wp Testimonial Widget » Version: N/A

cpe:2.3:a:starkdigital:wp_testimonial_widget:-
Starkdigital » Wp Testimonial Widget » Version: 1.0.1

cpe:2.3:a:starkdigital:wp_testimonial_widget:1.0.1
Starkdigital » Wp Testimonial Widget » Version: 1.0.2

cpe:2.3:a:starkdigital:wp_testimonial_widget:1.0.2
Starkdigital » Wp Testimonial Widget » Version: 2.0

cpe:2.3:a:starkdigital:wp_testimonial_widget:2.0
Starkdigital » Wp Testimonial Widget » Version: 3.0

cpe:2.3:a:starkdigital:wp_testimonial_widget:3.0
Starkdigital » Wp Testimonial Widget » Version: 3.1

cpe:2.3:a:starkdigital:wp_testimonial_widget:3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-7390

Products

Pricing

Contact Us