Stark Digital WP Testimonial Widget Vulnerable to Cross-site Scripting (XSS)
CVE-2024-43967
5.9MEDIUM
Key Information
- Vendor
- Stark Digital
- Status
- WP Testimonial Widget
- Vendor
- CVE Published:
- 26 August 2024
Summary
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Stark Digital WP Testimonial Widget allows Stored XSS.This issue affects WP Testimonial Widget: from n/a through 3.1.
Affected Version(s)
WP Testimonial Widget <= 3.1
CVSS V3.1
Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed
Timeline
Risk change from: 4.8 to: 5.9 - (MEDIUM)
Vulnerability published.
Vulnerability Reserved.
Collectors
NVD DatabaseMitre Database
Credit
hnwmn (Patchstack Alliance)