VulnerAlert



WORDPRESS
15-07-2025 02:20

CVE-2025-7367 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#site
#plugin
#cross
#web
#test
#cross-site
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
#access
Descripción
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due insufficient input sanitization output escaping. This makes it possible authenticated attackers, with Author-level access above, inject arbitrary web scripts pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.11/includes/functions-template.php#L317
https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.11/includes/functions-template.php#L532
https://www.wordfence.com/threat-intel/vulnerabilities/id/65395034-0b20-462c-93ee-e755e5c888a4?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-7367
Resultados similares
Coincidentes en almenos en 50% de los tags
15-07-2025 CVE-2025-4369
The Companion Auto Update plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
Ver información
15-07-2025 CVE-2025-7360
The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por