3 matches found
CVE-2023-45754
CVE-2023-45754 : A stored Cross-Site Scripting (XSS) flaw in the WordPress plugin “Easy Testimonial Slider and Form” (versions ≤ 1.0.18). The root cause is improper input neutralization during web page generation, enabling an attacker (with administrator privileges per PatchStack/Wordfence contex...
CVE-2022-46799
The CVE-2022-46799 entry describes an unauthenticated Reflected Cross-Site Scripting (XSS) in the WordPress plugin Easy Testimonial Slider and Form, versions up to 1.0.15. The root cause is improper input handling (lack of proper sanitization/escaping) when outputting a parameter back to the page...
CVE-2015-10147
CVE-2015-10147 summary (NORMAL) The Easy Testimonial Slider and Form WordPress plugin is vulnerable to SQL Injection via the id parameter in all versions up to and including 1.0.2 due to insufficient escaping and improper query preparation. This allows authenticated attackers with Administrator-l...