What the vulnerability does
01 Description
Missing Authorization vulnerability in elfsight Elfsight Testimonials Slider (elfsight-testimonials-slider) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elfsight Testimonials Slider: from n/a through <= 1.0.1.
Explanation of Vulnerability in Simple Terms
02 Summary
Elfsight Testimonials Slider versions 1.0.1 and earlier lack proper authorization checks, allowing authenticated users to modify or delete testimonials they should not have access to. An attacker with a low-privilege account can alter the integrity of testimonial data or disrupt site functionality. Update to a version newer than 1.0.1.
What an attacker can do
03 Attacker Capabilities
Modify or delete testimonials without proper permission.
Potential impact on your site
04 Site Impact
Testimonial data can be altered or deleted by unauthorized users, damaging site credibility.
Conditions required to exploit
05 Prerequisites
Attacker must have a low-privilege user account on the site.
Key dates
06 Disclosure timeline
March 31, 2025: CVE published
April 28, 2026: Record updated