Vulnerabilities > Themepoints > Testimonials > 1.0

DATE CVE VULNERABILITY TITLE RISK
2022-11-14 CVE-2022-3539 Cross-site Scripting vulnerability in Themepoints Testimonials and Testimonials PRO
The Testimonials WordPress plugin before 2.7, super-testimonial-pro WordPress plugin before 1.0.8 do not sanitize and escape its settings, allowing high privilege users such as admin to perform cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
network
low complexity
themepoints CWE-79
4.8
4.8
2022-10-28 CVE-2021-36858 Cross-site Scripting vulnerability in Themepoints Testimonials
Auth.
network
low complexity
themepoints CWE-79
4.8
4.8