WordPress Plugin Vulnerabilities

GS Testimonial Slider < 1.9.7 - Author+ Stored Cross-Site Scripting

Description

The plugin does not sanitise and escape some parameters, which could allow users with a role as low as author to perform Stored Cross-Site Scripting attacks

Affects Plugins

Plugin icon
gs-testimonial
Fixed in 1.9.7

References

CVE
CVE-2022-35882

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
4.8 (medium)

Miscellaneous

Original Researcher
Tien Nguyen Anh
Verified
No
WPVDB ID
5d24ab5a-084e-4a25-adb8-2497cc6c8c89

Timeline

Publicly Published
2022-07-27 (about 3 years ago)
Added
2022-07-28 (about 3 years ago)
Last Updated
2023-04-27 (about 3 years ago)

Other

Published
Title
Published
2022-04-19
Title
BMI BMR Calculator <= 1.3 - Reflected Cross-Site Scripting
Published
2025-01-16
Title
Easy Filtering <= 2.5.0 - Reflected Cross-Site Scripting
Published
2024-12-19
Title
Asgard Security Scanner <= 0.7 - Reflected XSS
Published
2025-04-28
Title
Qi Blocks < 1.4 - Contributor+ Stored XSS via ToC Block
Published
2025-03-27
Title
Ultimate Dashboard < 3.8.6 - Admin+ Stored XSS