Vulnerability Description
Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_color, mpsp_posts_description_color, mpsp_slide_nav_button_color.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Web-Settler | Testimonial Slider | <= 3.5.8.3 |
Related Weaknesses (CWE)
References
- https://patchstack.com/database/vulnerability/testimonial-add/wordpress-testimonThird Party Advisory
- https://wordpress.org/plugins/testimonial-add/#developersRelease NotesThird Party Advisory
- https://patchstack.com/database/vulnerability/testimonial-add/wordpress-testimonThird Party Advisory
- https://wordpress.org/plugins/testimonial-add/#developersRelease NotesThird Party Advisory
FAQ
What is CVE-2021-36851?
CVE-2021-36851 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Authenticated (editor or higher user role) Cross-Site Scripting (XSS) vulnerability in Web-Settler Testimonial Slider – Free Testimonials Slider Plugin (WordPress plugin) via parameters mpsp_posts_bg_...
How severe is CVE-2021-36851?
CVE-2021-36851 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-36851?
Check the references section above for vendor advisories and patch information. Affected products include: Web-Settler Testimonial Slider.