3 matches found
WordPress Easy Testimonials Plugin <= 3.9.5 is vulnerable to Cross Site Scripting (XSS)
Software Easy Testimonials Type Plugin Vulnerable versions = 3.9.5 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2337 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b71aceb02810 Credits Krzysztof Zając Required...
CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2024-2337 Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonialsgrid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...