Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

CVE-2025-62933: Awesome Testimonials: Malicious Code Can Be Injected via Stored Comments

CVE-2025-62933

Summary

A security issue in Awesome Testimonials allows an attacker to inject malicious code into a website when a user previews or publishes a comment. This can lead to unauthorized actions on the site. To fix this, update Awesome Testimonials to version 2.2.2 or later.

Original title

Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

Original description

Cross-Site Request Forgery (CSRF) vulnerability in Prakash Awesome Testimonials awesome-testimonials allows Stored XSS.This issue affects Awesome Testimonials: from n/a through <= 2.2.1.

nvd CVSS3.1 8.8

Vulnerability type

CWE-352 Cross-Site Request Forgery (CSRF)

https://patchstack.com/database/Wordpress/Plugin/awesome-testimonials/vulnerabil...

Published: 27 Oct 2025 · Updated: 15 Jun 2026 · First seen: 7 Mar 2026