CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2337 – Easy Testimonials <= 3.9.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
https://notcve.org/view.php?id=CVE-2024-2337
19 Jul 2024 — The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. El complemento Easy Testimonials para WordPres... • https://plugins.trac.wordpress.org/browser/easy-testimonials/trunk/easy-testimonials.php#L1039 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-4577 – Easy Testimonials < 3.9.3 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2022-4577
10 Jan 2023 — The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.9.2 due to insufficient input sanit... • https://wpscan.com/vulnerability/85d9fad7-ba3d-4140-ae05-46262d2643e6 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 1CVE-2020-36749 – Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2020-36749
16 Sep 2020 — The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2020-14959 – Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-14959
13 May 2020 — Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter. Múltiples vulnerabilidades de tipo XSS en el plugin Easy Testimonials versiones anteriores a 3.6 para WordPress, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del parámetro Client Name, Posit... • https://wpvulndb.com/vulnerabilities/10223 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-19564 – Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2018-19564
26 Nov 2018 — Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting. Se ha descubierto Cross-Site Scripting (XSS) persistente en el plugin 3.2 "Easy Testimonials" para WordPress. Tres parámetros en wp-admin/post.php (_ikcf_client, _ikcf_position y _ikcf_other) tienen Cross-Site Scripting (XSS). Stored XSS was discovered in the Easy Testimonials plugin 3.5.2 for WordPress. • https://www.exploit-db.com/exploits/45900 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12131 – Easy Testimonials <= 3.0.4 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-12131
31 Jul 2017 — The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens. El plugin Easy Testimonials en su versión 3.0.4 para WordPress tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en include/settings/display.options.php, tal y como lo demuestran las pantallas de Default Testimonials Width, View More Testimonials Link y Testimonial Excerpt Options. • https://github.com/kevins1022/cve/blob/master/wordpress-Easy-Testimonials.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •