Security Advisory

CVE-2021-24136

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-03-18 14:57:49

Last updated 2024-08-03 19:21:18

Assigner WPScan

State PUBLISHED

Description

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL

← Browse all CVEs View on cve.org ↗