Clean Testimonials - Reflected cross-site scripting (XSS)
Summary
Name | Clean Testimonials 1.5.2. - Reflected cross-site scripting (XSS) |
Code name | skims-0025 |
Product | Clean Testimonials |
Affected versions | Version 1.5.2. |
State | Private |
Release date | 2025-03-14 |
Vulnerability
Kind | Reflected cross-site scripting (XSS) |
Rule | Reflected cross-site scripting (XSS) |
Remote | No |
CVSSv4 Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:L/VA:L/SC:L/SI:L/SA:L/E:U |
CVSSv4 Base Score | 4.8 (Medium) |
Exploit available | No |
CVE ID(s) | CVE-2025-31301 |
Description
Clean Testimonials 1.5.2 was found to be vulnerable. The web application dynamically generates web content without validating the source of the potentially untrusted data in myapp/lib/templates/email-new-testimonial.php: the template echoes the request parameter testimonial_client_name directly into HTML output without escaping it.
Vulnerability
Skims by Fluid Attacks discovered a Reflected cross-site scripting (XSS) in Clean Testimonials 1.5.2. The following is the output of the tool:
Skims output
88 | <h1>New Testimonial</h1>
89 |
90 | <?php $site_url = home_url(); ?>
91 | <p>
92 | A new testimonial has been submitted on your website located at<br />
93 | <a href="<?php echo $site_url; ?>"><?php echo $site_url; ?></a>.
94 | </p>
95 |
> 96 | <h2><?php echo $_POST['testimonial_client_name']; ?> wrote,</h2>
97 |
98 | <div class="excerpt">
99 | <?php echo apply_filters( 'the_excerpt', $testimonial->post_content ); ?>
100 | </div>
101 |
102 | <p class="button-parent">
103 | <a href="<?php echo admin_url( 'post.php?post=' . $testimonial->ID . '&action=edit' ); ?>" class="button">
104 | View Now
^ Col 0
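The following is an added example, not code from the plugin or from the vendor: it places the unescaped echo flagged at line 96 next to a hardened form that escapes the value for an HTML text context with WordPress's esc_html(). The request body is constructed for illustration; the fallback esc_html() definition is an assumption that only exists so the snippet runs outside WordPress.

```php
<?php
// Added example (not the plugin's code). Runs stand-alone: when WordPress's
// esc_html() is not loaded, a minimal stand-in is defined (assumption: for
// this demonstration htmlspecialchars() is an adequate equivalent).
if ( ! function_exists( 'esc_html' ) ) {
    function esc_html( $text ) {
        return htmlspecialchars( (string) $text, ENT_QUOTES | ENT_HTML5, 'UTF-8' );
    }
}

// Constructed request body: the field the public testimonial form posts and
// the template later echoes into the HTML notification email.
$_POST['testimonial_client_name'] = '<img src=x onerror="alert(document.domain)">';

// Vulnerable form (same pattern as line 96): the raw POST value is
// concatenated into HTML, so any markup in it becomes part of the document.
function render_heading_vulnerable() {
    return '<h2>' . $_POST['testimonial_client_name'] . ' wrote,</h2>';
}

// Hardened form: escape on output for the context the value lands in.
// esc_html() is for HTML text nodes; an attribute would need esc_attr()
// and a URL esc_url().
function render_heading_hardened() {
    return '<h2>' . esc_html( $_POST['testimonial_client_name'] ) . ' wrote,</h2>';
}

echo render_heading_vulnerable(), PHP_EOL;
echo render_heading_hardened(), PHP_EOL;
```

Running the script prints the injected tag intact in the first line and entity-encoded in the second. Escaping belongs at the point of output because the same POST value may be reused elsewhere; validating it once at intake does not protect a later template that forgets to encode.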
Our security policy
We have reserved the ID CVE-2025-31301 to refer to this issue from now on.
System Information
- Product: Clean Testimonials
- Version: 1.5.2.
Mitigation
There is currently no patch available for this vulnerability.
Credits
The vulnerability was discovered by Andres Roldan from Fluid Attacks' Offensive Team using Skims.
Timeline

2025-03-14
Vulnerability discovered.

2025-03-14
Vendor contacted.