PT-2026-39476 · WordPress · Testimonial Slider/Showcase Pro

Published: 2026-05-10 · Updated: 2026-05-10 · CVE-2022-50947

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: Testimonial Slider and Showcase version 2.2.6

Description: A stored cross-site scripting issue exists where authenticated editors can inject malicious scripts due to insufficient sanitization of the post title parameter. Attackers with editor privileges can use the testimonial title field to inject JavaScript payloads that execute in the browsers of users viewing the draft post, potentially leading to session hijacking and cookie theft.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-50947

Affected Products: Testimonial Slider/Showcase Pro