Vulnerabilities > Starkdigital > WP Testimonial Widget > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-43967 Cross-site Scripting vulnerability in Starkdigital WP Testimonial Widget
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1.
network
low complexity
starkdigital CWE-79
4.8
4.8
2024-08-21 CVE-2024-7390 Missing Authorization vulnerability in Starkdigital WP Testimonial Widget
The WP Testimonial Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnSaveTestimonailOrder function in all versions up to, and including, 3.0.
network
low complexity
starkdigital CWE-862
5.3
5.3