cleantalk
Vulnerabilities and Security Researches

Real Testimonials, b608d2d1-b757-427b-a079-32792c2a8d42

CVE, Research URL

b608d2d1-b757-427b-a079-32792c2a8d42

Home page URL

Security reports for Real Testimonials

Application

Real Testimonials

Published on
-
Research Description
Real Testimonials – Testimonial Slider, Collect Customer Reviews and Video Testimonials [testimonial-free] < 2.1.7 Testimonial &lt; 2.2 - Authenticated Stored Cross-Site Scripting (XSS) A stored XSS vulnerability exists in the version of the plugin 2.1.6. Successful exploitation of this vulnerability would allow an authenticated low-privileged user to inject arbitrary javascript code into the plugin gallery image which is viewed by other users.
Affected versions
max 2.1.7.
Status
vulnerable
Previous vulnerability researches
My auctions allegro (CVE-2025-27009) , Apr 16, 2025
My auctions allegro (CVE-2024-11707) , Dec 06, 2024
My auctions allegro (CVE-2025-68567) , Jan 10, 2026
My auctions allegro (CVE-2025-68566) , Jan 10, 2026
My auctions allegro (CVE-2025-12851) , Dec 10, 2025
New vulnerability
Community Lite Video Chat (ba5004a0eabc32b9470115e736d8f49c11d78fee) , Jun 16, 2026
Community Lite Video Chat (fce99c82-3958-4c17-88d3-6e8fa1a11e59) , Jun 16, 2026
Advanced AJAX Product Filters (c5efdac5-06ac-4baa-8c2f-0dd7e6dc1050) , Jun 16, 2026
Advanced AJAX Product Filters (3a563c81d8f23d7675a01ee42f43d5a7e24b7918) , Jun 16, 2026
Advanced AJAX Product Filters (212b7bd37d1d6fe9fb4123bc201baf84cd4ef4c2) , Jun 16, 2026