6 matches found
CVE-2020-14959
The CVE-2020-14959 entry concerns the WordPress Easy Testimonials plugin, affected versions before 3.6. The vulnerability is a set of remote XSS flaws exploitable via parameters in wp-admin/post.php (Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, Ra...
CVE-2024-2337
CVE-2024-2337 affects the WordPress plugin Easy Testimonials (versions up to and including 3.9.5). The vulnerability is a Stored Cross-Site Scripting (XSS) flaw in the plugin’s testimonials_grid shortcode caused by insufficient input sanitization and output escaping on user-supplied attributes. E...
CVE-2017-12131
The CVE-2017-12131 entry corresponds to a cross-site scripting (XSS) vulnerability in the WordPress Easy Testimonials plugin, version 3.0.4. The flaw exists in include/settings/display.options.php and is demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial ...
CVE-2018-19564
The CVE-2018-19564 entry describes a Stored XSS in the WordPress plugin Easy Testimonials (version 3.2). The vulnerability is triggered via three wp-admin/post.php parameters: _ikcf_client, _ikcf_position, and _ikcf_other, enabling Cross-Site Scripting in the admin context. Public references incl...
CVE-2022-4577
The CVE-2022-4577 entry concerns the Easy Testimonials WordPress plugin (pre-3.9.3). The root cause is that the plugin fails to validate and escape certain shortcode attributes before output, enabling Stored XSS. The vulnerability can be exploited by users with as little as Contributor privileges...
CVE-2020-36749
CVE-2020-36749 affects the Easy Testimonials WordPress plugin (versions up to 3.6.1). The root cause is missing or incorrect nonce validation in saveCustomFields(), enabling CSRF so that unauthenticated attackers could save custom fields by tricking an administrator. Impact is unauthenticated arb...