Testimonial Rotator Project: >> Testimonial Rotator Security Vulnerabilities
Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation
CVSS Score
5.4
EPSS Score
0.002
Published
2021-04-05
Testimonial Rotator Wordpress Plugin 3.0.2 is affected by Cross Site Scripting (XSS) in /wp-admin/post.php. If a user intercepts a request and inserts a payload in "cite" parameter, the payload will be stored in the database.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-10-16