WordPress · Wordpress · CVE-2013-5672
**Name of the Vulnerable Software and Affected Versions**
IndiaNIC Testimonial plugin version 2.2 for WordPress
**Description**
The issue is a cross-site request forgery (CSRF) weakness that allows remote attackers to hijack the authentication of administrators for various requests, including adding testimonials, listing templates, and widget templates. The same requests also permit the injection of cross-site scripting (XSS) sequences via multiple parameters, including `project name`, `project url`, `client name`, `client city`, `client state`, `description`, `tags`, `video url`, `is featured`, `title`, `widget title`, `no of testimonials`, `filter by country`, `filter by tags`, and `widget template`, which are sent to the `wp-admin/admin-ajax.php` endpoint.
**Recommendations**
For IndiaNIC Testimonial plugin version 2.2, consider disabling the `iNIC testimonial save`, `iNIC testimonial save listing template`, and `iNIC testimonial save widget` actions until a patch is available. Restrict access to the `wp-admin/admin-ajax.php` endpoint to minimize the risk of exploitation. Avoid using the parameters `project name`, `project url`, `client name`, `client city`, `client state`, `description`, `tags`, `video url`, `is featured`, `title`, `widget title`, `no of testimonials`, `filter by country`, `filter by tags`, and `widget template` in the affected endpoint until the issue is resolved.
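As an added illustration (not the plugin's own code), the following WordPress admin-ajax handler shows the checks whose absence produces both issues above: a nonce check against CSRF, a capability check, and per-field sanitisation with escaping at output. The hook name `wp_ajax_inic_testimonial_save`, the function names and the underscored field names are assumptions modelled on the actions and parameters named in the description, not identifiers taken from the plugin.

```php
<?php
// Hypothetical hardened admin-ajax handler, added as an illustration.
// Hook, function and field names are assumptions, not the plugin's own.

add_action( 'wp_ajax_inic_testimonial_save', 'example_testimonial_save' );

function example_testimonial_save() {
    // 1. CSRF: the request must carry a nonce minted for this action
    //    (client side: wp_create_nonce( 'inic_testimonial_save' )).
    //    A forged cross-site request cannot obtain it, so it dies here.
    check_ajax_referer( 'inic_testimonial_save', '_ajax_nonce' );

    // 2. Authorisation: being logged in is not enough; require the
    //    capability that managing testimonials should demand.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient privileges' ), 403 );
    }

    // 3. Input sanitisation per field type (closes the XSS vector).
    $post = wp_unslash( $_POST );
    $testimonial = array(
        'project_name'       => sanitize_text_field( $post['project_name'] ?? '' ),
        'project_url'        => esc_url_raw( $post['project_url'] ?? '' ),
        'client_name'        => sanitize_text_field( $post['client_name'] ?? '' ),
        'client_city'        => sanitize_text_field( $post['client_city'] ?? '' ),
        'client_state'       => sanitize_text_field( $post['client_state'] ?? '' ),
        'description'        => wp_kses_post( $post['description'] ?? '' ),
        'tags'               => sanitize_text_field( $post['tags'] ?? '' ),
        'video_url'          => esc_url_raw( $post['video_url'] ?? '' ),
        'is_featured'        => ! empty( $post['is_featured'] ) ? 1 : 0,
        'no_of_testimonials' => absint( $post['no_of_testimonials'] ?? 0 ),
    );

    // Persisting the record is out of scope here; a real handler would use
    // wp_insert_post() or $wpdb->insert(), never raw SQL built from $post.

    wp_send_json_success( $testimonial );
}

// 4. Output escaping: escape again at render time, so a value that was
//    stored before sanitisation existed still cannot become markup.
function example_render_testimonial( array $t ) {
    return '<blockquote>' . esc_html( $t['client_name'] ) . ': '
        . wp_kses_post( $t['description'] ) . '</blockquote>';
}
```

The widget and listing-template actions named above would need the same three server-side checks with their own nonce action strings; the nonce alone does not substitute for the capability check, since any logged-in user can mint one.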