Description

Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to privilege escalation

Related CPE's

a

testimonial_rotator_project

testimonial_rotator

3.0.3

*

*

*

*

wordpress

Vulnerable

References

https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA

ExploitThird Party Advisory

https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68

ExploitThird Party Advisory

https://mega.nz/file/ftVSmRCC#ctqUg89CKszEuLO3eeQVazUStTPvoQD6LlbWNSMa7uA

ExploitThird Party Advisory

https://wpscan.com/vulnerability/8b6f4a77-4008-4730-9a91-fa055a8b3e68

ExploitThird Party Advisory

Weaknesses

[email protected]

Secondary
CWE-79

[email protected]

Primary
CWE-79

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.4 · Medium

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-04-05T17:15:14.780Z

5 years ago

Last modified

2024-11-21T04:52:29.173Z

1 year ago