CVE-2021-24136

CVE-2021-24136: Testimonials Widget < 4.0.0 - Multiple Authenticated Stored XSS

Vendor Unknown
Product Testimonials Widget
Weakness CWE-79 · XSS
Published March 18, 2021
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL

Key dates

02Disclosure timeline

March 18, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE