Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation Edit (WPScanTeam): The https://wordpress.org/plugins/themify-portfolio-post/ plugin also need to be installed for the issue to be exploited. December 3rd, 2020 - Escalated to WP & WP Investigating February 19th, 2021 - No Updates, disclosing
The PoC will be displayed once the issue has been remediated
Nguyen Anh Tien - SunCSR (Sun* Cyber Security Research)
Nguyen Anh Tien
Yes
2021-02-19 (about 2 years ago)
2021-02-19 (about 2 years ago)
2021-02-23 (about 2 years ago)