WordPress Plugin Vulnerabilities

Testimonial Slider < 1.3.2 - Authenticated Stored Cross-Site Scripting (XSS) & CSRF

Description

This vulnerability needs administrator privileges to exploit. Editor and author roles do not have the necessary permissions to create new sliders, contrary to what the original advisory says.

However, this vulnerability can be exploited by a malicious actor by combining the XSS with CSRF to compromise a WordPress blog.

Affects Plugins

Plugin icon
testimonial-slider
Fixed in 1.3.2

References

CVE
CVE-2015-9417
URL
https://packetstormsecurity.com/files/#133376/

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
Yes
WPVDB ID
b5a90190-81ab-4962-92ba-4ec2133c6c8c

Timeline

Publicly Published
2015-09-01 (about 10 years ago)
Added
2015-09-02 (about 10 years ago)
Last Updated
2023-08-07 (about 2 years ago)

Other

Published
Title
Published
2019-06-07
Title
ConvertPlus <= 3.4.4 - Multiple Issues
Published
2015-03-16
Title
Ultimate Member < 1.0.84 - Multiple Vulnerabilities
Published
2014-08-01
Title
Slash WP - FPD, XSS & CS vulnerabilities
Published
2019-06-10
Title
Online Lesson Booking <= 0.8.6 - CSRF & XSS
Published
2015-07-11
Title
CP Contact Form with Paypal <= 1.1.5 - Multiple Vulnerabilities