Stored Cross- Site Scripting Vulnerability in Stars Testimonials Plugin
CVE-2024-8989

6.4MEDIUM

Summary

The Free Responsive Testimonials plugin for WordPress is subject to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping on user-supplied attributes through the stars_testimonials shortcode. This flaw impacts all versions leading up to and including 3.3.1. Authenticated users with contributor-level access can exploit this vulnerability, allowing them to inject arbitrary web scripts into pages. When these pages are accessed by other users, the injected scripts execute, potentially compromising user data and site integrity.

Affected Version(s)

Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews – Stars Testimonials * <= 3.3.1

References

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis
.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.