Description The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
patchstack.com/database/vulnerability/easy-testimonial-rotator/wordpress-easy-testimonial-slider-and-form-plugin-1-0-18-cross-site-scripting-xss
www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/easy-testimonial-rotator/easy-testimonial-slider-and-form-1018-authenticated-administrator-stored-cross-site-scripting-via-settings