Hitmyserver Hms Testimonials vulnerabilities
2 known vulnerabilities affecting hitmyserver/hms_testimonials.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2013-4241P3MEDIUMCVSS 6.1PoCfixed in 2.0.11vbefore 2.0.112020-01-30
CVE-2013-4241 [MEDIUM] CWE-79 CVE-2013-4241: Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (
nvd
CVE-2013-4240P4MEDIUMCVSS 6.8PoC≤ 2.0.10v1.1+20 more2014-04-02
CVE-2013-4240 [MEDIUM] CWE-352 CVE-2013-4240: Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add new testimonials via the hms-testimonials-addnew page, (2) add new groups via the hms-testimonials-addnewgroup page, (3) change default set
nvd