CVE-2024-13114

Name of the Vulnerable Software and Affected Versions WP Projects Portfolio with Client Testimonials WordPress plugin versions 3.0 and earlier

Description The issue is related to a Reflected Cross-Site Scripting that could be used against high privilege users such as admin, due to a parameter not being sanitised and escaped before outputting it back in the page. This could potentially be exploited against users with high privileges.

Recommendations For WP Projects Portfolio with Client Testimonials WordPress plugin versions 3.0 and earlier, consider disabling the plugin until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the vulnerable parameter in the affected page until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.