cleantalk
Vulnerabilities and Security Researches

Testimonial Slider, CVE-2022-50947

CVE, Research URL

CVE-2022-50947

Home page URL

Security reports for Testimonial Slider

Application

Testimonial Slider

Published on
May 10, 2026
Research Description
WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title parameter. Attackers with editor privileges can inject JavaScript payloads through the testimonial title field that execute in the browsers of users viewing the draft post, enabling cookie theft and session hijacking.
Affected versions
max 2.2.6.
Status
vulnerable
Previous vulnerability researches
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-24573) , Jan 26, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-1926) , Mar 10, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-13427) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-4223) , May 25, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2025-2104) , Mar 14, 2025
New vulnerability
Testimonial Slider (CVE-2022-50947) , May 12, 2026
Simple Cloudflare Turnstile – CAPTCHA Alternative (CVE-2026-40799) , May 12, 2026
IP2Location Country Blocker (CVE-2022-50961) , May 12, 2026
Jetpack – WP Security, Backup, Speed, & Growth (CVE-2022-50958) , May 11, 2026
Error Log Monitor, Activity Logs, User Activity Tracking from Logtivity (CVE-2026-8198) , May 11, 2026