CVE-2025-13897

Name of the Vulnerable Software and Affected Versions Client Testimonial Slider versions up to and including 2.0

Description The Client Testimonial Slider plugin for WordPress is susceptible to Stored Cross-Site Scripting through the aft testimonial meta name custom field within the Client Information metabox. Insufficient input sanitization and output escaping of user-supplied attributes allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected administrative page. The vulnerability affects the aft testimonial meta name field.

Recommendations Versions prior to and including 2.0 should be updated.