Vulnerabilities and security researches fortestimonial-slider-and-showcase testimonial-slider-and-showcase

Jun 07, 2024

CVE, Research URL: CVE-2024-1746
Home page URL: Security reports for Testimonial Slider
Application: Testimonial Slider
Date: Apr 15, 2024
Research Description: The Testimonial Slider WordPress plugin before 2.3.8 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Affected versions: max 2.3.8.
Status: vulnerable

CVE, Research URL: 11d8d5fbd63c5f993de5ca55af3f86d05727ff54
Home page URL: Security reports for Testimonial Slider
Application: Testimonial Slider
Date: Aug 05, 2022
Research Description: Testimonial – Testimonial Slider and Showcase Plugin [testimonial-slider-and-showcase] < 2.2.7 Testimonial Slider <= 2.2.6 - Stored Cross-Site Scripting The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post_title parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.2.7.
Status: vulnerable

CVE, Research URL: CVE-2024-1745
Home page URL: Security reports for Testimonial Slider
Application: Testimonial Slider
Date: Mar 26, 2024
Research Description: The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive Testimonial Slider WordPress plugin before 2.3.7 settings, making it possible for users with at least the Author role to edit them.
Affected versions: max 2.3.7.
Status: vulnerable

May 12, 2026

CVE, Research URL: CVE-2022-50947
Home page URL: Security reports for Testimonial Slider
Application: Testimonial Slider
Date: May 10, 2026
Research Description: WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject JavaScript payloads through the testimonial title field that execute in the browsers of users viewing the draft post, enabling cookie theft and session hijacking.
Affected versions: max 2.2.6.
Status: vulnerable