CVE-2021-24136

Name of the Vulnerable Software and Affected Versions: Testimonials Widget WordPress plugin versions prior to 4.0.0

Description: The issue is caused by unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, leading to multiple Cross-Site Scripting vulnerabilities. This allows remote attackers to inject arbitrary JavaScript code or HTML via the following parameters: Author, Job Title, Location, Company, Email, and URL.

Recommendations: For versions prior to 4.0.0, update to version 4.0.0 or later to resolve the issue. As a temporary workaround, consider restricting input for the Author, Job Title, Location, Company, Email, and URL parameters to minimize the risk of exploitation.