Goldplugins
goldplugins
12 CVEs • 5 products
Products (5)
Click to collapseToggle
Products (5)
Click to collapse
CVEs (12)
CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS |
|---|
The Custom Banners plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it pos...Show more |
The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization a...Show more |
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions. |
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields() function. This ma...Show more |
The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. This is due to missing or incorrect nonce validation on the saveCustomFields() function....Show more |
The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. Thi...Show more |
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes...Show more |
The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perf...Show more |
1Goldplugins 1Easy Testimonials Jun 17, 2026 Jun 22, 2020 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Loc...Show more |
1Goldplugins 1Easy Testimonials Nov 21, 2024 Nov 26, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. |
1Goldplugins 1Easy Testimonials May 13, 2026 Aug 1, 2017 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. |
1Goldplugins 1Testimonials Plugin Easy Testimonials May 13, 2026 Jun 12, 2017 N/A· v4 8.8 HIGH· v3 6.5 MEDIUM· v2 SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php. |