Lucene search
K
GoldpluginsEasy Testimonials

6 matches found

CVE
CVE
added 2020/06/21 11:4 p.m.70 views

CVE-2020-14959

The CVE-2020-14959 entry concerns the WordPress Easy Testimonials plugin, affected versions before 3.6. The vulnerability is a set of remote XSS flaws exploitable via parameters in wp-admin/post.php (Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, Ra...

5.4CVSS5.4AI score0.00892EPSS
Web
CVE
CVE
added 2024/07/20 2:37 a.m.67 views

CVE-2024-2337

CVE-2024-2337 affects the WordPress plugin Easy Testimonials (versions up to and including 3.9.5). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s testimonials_grid shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. E...

6.4CVSS5.7AI score0.00355EPSS
CVE
CVE
added 2017/08/01 5:0 a.m.58 views

CVE-2017-12131

The CVE-2017-12131 entry corresponds to a cross-site scripting (XSS) vulnerability in the WordPress Easy Testimonials plugin, version 3.0.4. The flaw exists in include/settings/display.options.php and is demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial ...

6.1CVSS6AI score0.0078EPSS
CVE
CVE
added 2018/11/26 6:0 p.m.56 views

CVE-2018-19564

The CVE-2018-19564 entry describes a Stored XSS in the WordPress plugin Easy Testimonials (version 3.2). The vulnerability is triggered via three wp-admin/post.php parameters: _ikcf_client, _ikcf_position, and _ikcf_other, enabling Cross-Site Scripting in the admin context. Public references incl...

6.1CVSS5.9AI score0.00932EPSS
Web
CVE
CVE
added 2023/02/06 7:59 p.m.53 views

CVE-2022-4577

The CVE-2022-4577 entry concerns the Easy Testimonials WordPress plugin (pre-3.9.3). The root cause is that the plugin fails to validate and escape certain shortcode attributes before output, enabling Stored XSS. The vulnerability can be exploited by users with as little as Contributor privileges...

5.4CVSS5.3AI score0.00649EPSS
CVE
CVE
added 2023/07/01 5:33 a.m.29 views

CVE-2020-36749

CVE-2020-36749 affects the Easy Testimonials WordPress plugin (versions up to 3.6.1). The root cause is missing or incorrect nonce validation in saveCustomFields(), enabling CSRF so that unauthenticated attackers could save custom fields by tricking an administrator. Impact is unauthenticated arb...

4.3CVSS4.2AI score0.00464EPSS