WordPress Plugin Vulnerabilities

HMS Testimonials 2.0.10 - XSS

Description

The HMS Testimonials WordPress plugin was affected by a XSS security vulnerability.

Affects Plugins

Plugin icon
hms-testimonials
Fixed in 2.0.11

References

CVE
CVE-2013-4241
Exploitdb
27531
URL
https://packetstormsecurity.com/files/#122761/

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Verified
No
WPVDB ID
d50ee458-faf3-46e7-a223-7e2b262d60c4

Timeline

Publicly Published
2014-08-01 (about 11 years ago)
Added
2014-08-01 (about 11 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-09-05
Title
LA-Studio Element Kit for Elementor < 1.5.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Multiple Widgets
Published
2025-11-20
Title
Display Pages Shortcode <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2026-02-12
Title
Customer Reviews for WooCommerce < 5.98.0 - Unauthenticated Stored Cross-Site Scripting via media[].href Parameter
Published
2023-11-30
Title
Related Post < 2.0.54 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-02-03
Title
WP doodlez <= 1.0.10 - Unauthenticated Stored Cross-Site Scripting