Testimonial Carousel For Elementor <= 10.2.0: Missing Authorization to Limited Setting Update

Unauthenticated
Published: 2024-05-26

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. This makes it possible for unauthenticated attackers to update the OpenAI API key, disabling the feature.

CVSS

Score: 5.3

Severity: Medium

Version: 10.2.0

There is a patch available in v10.2.1 and we strongly recommend you update to this version as soon as possible.
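
To check other plugin code for the same class of flaw described above, the following added example (not code from the plugin or from this advisory) scans PHP source for AJAX callbacks that write options without calling current_user_can(). The PHP sample is constructed: only the function name 'save_testimonials_option_callback' comes from the advisory, while the hook names, the option name and the nopriv registration are assumptions made for illustration.

```python
import re

# Constructed PHP sample, NOT the plugin's real source. Hook names, option
# name and the nopriv registration are assumptions for illustration.
SAMPLE_PHP = r"""
add_action('wp_ajax_save_opts', 'save_testimonials_option_callback');
add_action('wp_ajax_nopriv_save_opts', 'save_testimonials_option_callback');
add_action('wp_ajax_reset_opts', 'reset_option_callback');
function save_testimonials_option_callback() {
    update_option('example_api_key', sanitize_text_field($_POST['key']));
    wp_die();
}
function reset_option_callback() {
    check_ajax_referer('reset_opts', 'nonce');
    if (!current_user_can('manage_options')) { wp_die('', '', 403); }
    delete_option('example_api_key');
    wp_die();
}
"""

HOOK_RE = re.compile(r"add_action\(\s*['\"](wp_ajax_(nopriv_)?[\w-]+)['\"]\s*,\s*['\"](\w+)['\"]")
WRITE_RE = re.compile(r"\b(update_option|delete_option|add_option)\s*\(")

def function_body(src, name):
    """Return the text between the braces of a named PHP function, or None."""
    m = re.search(r"function\s+" + re.escape(name) + r"\s*\([^)]*\)\s*\{", src)
    if not m:
        return None
    depth, i = 1, m.end()
    while i < len(src) and depth:
        depth += {"{": 1, "}": -1}.get(src[i], 0)
        i += 1
    return src[m.end():i - 1]

def audit(src):
    """Flag AJAX callbacks that write options without current_user_can()."""
    findings = {}
    for hook, nopriv, cb in HOOK_RE.findall(src):
        body = function_body(src, cb)
        if body is None or not WRITE_RE.search(body):
            continue
        if "current_user_can(" in body:
            continue  # a nonce check alone is not counted as authorization
        entry = findings.setdefault(cb, {"hooks": [], "unauthenticated": False})
        entry["hooks"].append(hook)
        entry["unauthenticated"] |= bool(nopriv)  # nopriv hooks need no login
    return findings
```

Calling audit(SAMPLE_PHP) reports only the callback that lacks the capability check and marks it as reachable without login. The brace matcher is textual, so treat findings as leads for manual review.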