Testimonial Carousel For Elementor, CVE-2025-8666
- CVE, Research URL
- Home page URL
- Application
- Published on
- Oct 25, 2025
- Research Description
- The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Affected versions
-
max 11.7.0.
- Status
-
vulnerable
| Previous vulnerability researches |
|---|
| One Click Accessibility (CVE-2025-32640) , Apr 10, 2025 |
| One Click Accessibility (CVE-2025-10700) , Nov 10, 2025 |