CVEs (6)
| CVE | VENDORS | PRODUCTS | UPDATED | PUBLISHED | CVSS |
|---|---|---|---|---|---|
| The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization a... | | | | | |
| The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. Thi... | | | | | |
| The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perf... | | | | | |
| Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Loc... | Goldplugins | Easy Testimonials | Jun 17, 2026 | Jun 22, 2020 | v4: N/A · v3: 5.4 MEDIUM · v2: 3.5 LOW |
| Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. | Goldplugins | Easy Testimonials | Nov 21, 2024 | Nov 26, 2018 | v4: N/A · v3: 6.1 MEDIUM · v2: 4.3 MEDIUM |
| The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. | Goldplugins | Easy Testimonials | May 13, 2026 | Aug 1, 2017 | v4: N/A · v3: 6.1 MEDIUM · v2: 4.3 MEDIUM |