PT-2025-31138 · WordPress · No Boss Testimonials
Sebastian Jeż · Published 2025-07-28 · Updated 2025-07-29 · CVE-2025-54299
CVSS v4.0: 9.4 (Critical)
Vector: AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:N/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Name of the Vulnerable Software and Affected Versions
No Boss Testimonials versions 1.0.0 through 3.0.0
No Boss Testimonials versions 4.0.0 through 4.0.2
Description
A stored Cross-Site Scripting (XSS) issue exists in the No Boss Testimonials component. This allows an attacker to inject malicious scripts into the application, potentially compromising user accounts or performing unauthorized actions.
Recommendations
Update No Boss Testimonials to a version later than 3.0.0 and earlier than 4.0.0.
Update No Boss Testimonials to a version later than 4.0.2.
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
No Boss Testimonials