Testimonial Carousel For Elementor, CVE-2025-8666

CVE, Research URL: CVE-2025-8666
Home page URL: Security reports for Testimonial Carousel For Elementor
Application: Testimonial Carousel For Elementor
Published on: Oct 25, 2025
Research Description: The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in versions less than, or equal to, 11.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 11.7.0.
Status: vulnerable