3 matches found
CVE-2020-14959
The CVE-2020-14959 entry concerns the WordPress Easy Testimonials plugin, affected versions before 3.6. The vulnerability is a set of remote XSS flaws exploitable via parameters in wp-admin/post.php (Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, Ra...
CVE-2022-4577
The CVE-2022-4577 entry concerns the Easy Testimonials WordPress plugin (pre-3.9.3). The root cause is that the plugin fails to validate and escape certain shortcode attributes before output, enabling Stored XSS. The vulnerability can be exploited by users with as little as Contributor privileges...
CVE-2020-36749
CVE-2020-36749 affects the Easy Testimonials WordPress plugin (versions up to 3.6.1). The root cause is missing or incorrect nonce validation in saveCustomFields(), enabling CSRF so that unauthenticated attackers could save custom fields by tricking an administrator. Impact is unauthenticated arb...