Vulnerabilities and security researches fortestimonial-free testimonial-free

Jun 07, 2024

CVE, Research URL: de07c556153470bf804605a034dd1f6f42fc1f71
Home page URL: Security reports for Real Testimonials
Application: Real Testimonials
Date: Mar 02, 2020
Research Description: Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider [testimonial-free] < 2.2 WordPress Testimonial – Best Testimonial Slider plugin <= 2.1.7 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Fortinet in WordPress Testimonial – Best Testimonial Slider plugin (versions <= 2.1.7).
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-4648
Home page URL: Security reports for Real Testimonials
Application: Real Testimonials
Date: Jan 16, 2023
Research Description: The Real Testimonials WordPress plugin before 2.6.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

Apr 15, 2025

CVE, Research URL: CVE-2025-22269
Home page URL: Security reports for Real Testimonials
Application: Real Testimonials
Date: -
Research Description: Real Testimonials – Testimonial Slider, Carousel, Grid | Collect Customer Reviews and Video Testimonial with Testimonial Form | Social Proof Reviews and Review Slider [testimonial-free] < 3.1.7 CVE-2025-22269
Affected versions: Min -, max -.
Status: vulnerable