Is "Testimonial Rotator" safe?
WordPress Plugin security and safety information.
Rating: Unsafe
Recommendations
Testimonial Rotator: Plugin Details
Type: | Plugin |
Author: | Hal Gatewood |
URL: | https://wordpress.org/plugins/testimonial-rotator/ |
Latest Version: | 3.0.3 |
Testimonial Rotator: Security Information
Insecure versions: | Up To 3.0.3 |
Known since: | 2021-02-22 18:15:00 |
Description: | A stored XSS vulnerability exists where a medium-privileged user(contributor+) can inject arbitrary javascript in a custom field. The XSS can be triggered for other users with the same or higher privilege level, and could lead to privilege escalation. |
Insecure versions: | Up To 3.0.2 |
Known since: | 2020-06-17 15:31:44 |
Description: | A Stored XSS vulnerability has been found in the 'Author Information' textarea in testimonials from the plugin, which could allow an authenticated medium-privileged user (contributor+) to inject arbitrary JavaScript. The XSS will be triggered for anyone visiting public posts or testimonial page listing in the backend. |
Testimonial Rotator: Safety Recommendations
We have rated Testimonial Rotator as Unsafe which means that all versions of the plugin have vulnerabilities.
We recommend that until an update is released do not use Testimonial Rotator.
Testimonial Rotator: Staying Up-to-date
Make sure your installation of Testimonial Rotator is safe with the following free Jetpack services for WordPress sites:
- Updates & Management
Turn on auto-updates for Testimonial Rotator or manage in bulk. - Prevent Infiltrations
Automatic protection against brute force attacks and secure sign on.
Testimonial Rotator: Keeping Safe
If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
- Automated Backups
Full backup of your entire site with unlimited storage space. - Restores & Migrations
Restore or migrate your site from a backup with one click. - Security Scanning
Regular, automated scans of your site for malware, threats, and hacks. - Expert Support
Fast, priority support for any WordPress security issue.
About this information
This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.
If you have any questions, please do not hesitate to contact us.