{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2716", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-18T20:59:30.749Z", "datePublished": "2026-02-19T09:26:35.600Z", "dateUpdated": "2026-04-08T16:54:33.127Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:33.127Z"}, "affected": [{"vendor": "amu02aftab", "product": "Client Testimonial Slider", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "title": "Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/583b5cd7-a33e-41d0-a389-ac36679d5f22?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/trunk/include/testimonial-settings.php#L45"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/tags/2.0/include/testimonial-settings.php#L45"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "timeline": [{"time": "2026-02-18T20:59:42.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-20T20:39:30.256217Z", "id": "CVE-2026-2716", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:39:47.212Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-2716", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-20T20:39:30.256217Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-20T20:39:41.804Z"}}], "cna": {"title": "Client Testimonial Slider <= 2.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Testimonial Heading' Setting", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Nur Ibnu Hubab"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "amu02aftab", "product": "Client Testimonial Slider", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-02-18T20:59:42.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/583b5cd7-a33e-41d0-a389-ac36679d5f22?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/trunk/include/testimonial-settings.php#L45"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/tags/2.0/include/testimonial-settings.php#L45"}], "descriptions": [{"lang": "en", "value": "The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:33.127Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2716", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:54:33.127Z", "dateReserved": "2026-02-18T20:59:30.749Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-02-19T09:26:35.600Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Client Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Testimonial Heading' setting in all versions up to, and including, 2.0. This is due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled."}, {"lang": "es", "value": "El plugin Client Testimonial Slider para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de la configuraci\u00f3n 'Testimonial Heading' en todas las versiones hasta la 2.0, inclusive. Esto se debe a una sanitizaci\u00f3n de entrada y un escape de salida insuficientes. Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador o superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada. Esto solo afecta a las instalaciones multisitio y a las instalaciones donde se ha deshabilitado unfiltered_html."}], "id": "CVE-2026-2716", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-02-19T10:16:12.233", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/tags/2.0/include/testimonial-settings.php#L45"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wp-client-testimonial/trunk/include/testimonial-settings.php#L45"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/583b5cd7-a33e-41d0-a389-ac36679d5f22?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,2.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Client Testimonial Slider", "source": "cna", "vendor": "amu02aftab"}, "product": "client_testimonial_slider", "vendor": "amu02aftab"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-15T18:08:41.473312+00:00", "value": {"mitigation_remediation": ["Upgrade Client Testimonial Slider to the latest version (greater than 2.0).", "If an upgrade cannot be applied immediately, consider disabling or removing the plugin from the site.", "As a temporary workaround, replace the Testimonial Heading value with a sanitized string (e.g., using wp_strip_all_tags) and ensure output escaping (e.g., esc_html) before display."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting (XSS) via the Testimonial Heading field for administrators"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Client Testimonial Slider plugin installed at version 2.0 or earlier. The primary affected product is the amu02aftab implementation of Client Testimonial Slider, particularly on multi\u2011site configurations or where the unfiltered_html capability is disabled.", "description_and_impact": "The Client Testimonial Slider plugin for WordPress contains an insufficiently sanitized and unescaped input field, allowing an attacker who has Administrator or higher privileges to embed arbitrary scripts into the Testimonial Heading setting. These scripts are stored and subsequently rendered on any page that displays the testimonial, resulting in a classic stored XSS. The malicious code runs in the context of users who view the affected page, potentially stealing cookies, defacing the site, or performing other client\u2011side attacks. The weakness is classified as CWE\u201179. No escalation beyond the authenticated user\u2019s privileges is required, making the risk limited to those who can edit testimonials.\n\nAffected systems include any WordPress installation running the Client Testimonial Slider plugin version 2.0 or earlier. The vendor name is recognized as amu02aftab and the plugin is affected only on multi\u2011site environments or when the unfiltered_html option is disabled. Users of older releases should verify that they are not running a vulnerable version and that their site configuration matches these conditions.\n\nRisk and exploitability are moderate from a CVSS perspective with a score of 4.4. The EPSS score is below 1% and the vulnerability is not currently listed in the CISA KEV catalog, indicating a low to moderate likelihood of exploitation in the wild. Attackers would need to possess Administrator or higher credentials on a multi\u2011site WordPress site, but the impact of a successful injection could be widespread within that site.\n", "risk_and_exploitability": "The vulnerability carries a CVSS score of 4.4, indicating moderate severity. EPSS is <1%, showing that exploitation is currently rare. The vulnerability is not on the CISA KEV list, so there are no known active supply\u2011chain attacks targeting it. The attack vector requires administrative credentials and a WordPress multi\u2011site or unfiltered_html disabled setup, but with those conditions the attacker can embed arbitrary client\u2011side scripts that run for any site visitor.\n"}}}}, "created": "2026-02-20T10:07:45.975795+00:00", "updated": "2026-04-15T18:15:10.834528+00:00", "vendors": ["amu02aftab", "amu02aftab$PRODUCT$client_testimonial_slider", "wordpress", "wordpress$PRODUCT$wordpress"]}