Vulnerabilities > Themepoints > Testimonials
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-11-14 | CVE-2022-3539 | Unspecified vulnerability in Themepoints Testimonials and Testimonials PRO The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 4.8 |
| 2022-10-28 | CVE-2021-36858 | Cross-site Scripting vulnerability in Themepoints Testimonials Auth. | 4.8 |