Cross-Site Scripting Vulnerability in TC Testimonials by Imran Emu
CVE-2025-49410
6.5MEDIUM
What is CVE-2025-49410?
A Cross-Site Scripting (XSS) vulnerability in the TC Testimonials plugin by Imran Emu permits attackers to inject malicious scripts into web pages. This flaw allows stored XSS attacks that can compromise user sessions, deface websites, or redirect users to malicious sites. Affected versions of TC Testimonials include all prior to 1.1.1, emphasizing the need for timely updates and robust web security practices.
Affected Version(s)
TC Testimonials <= 1.1.1