RSS   Vulnerabilities for 'Easy testimonials'   RSS

2020-06-22
 
CVE-2020-14959

CWE-79
 

 
Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.

 
2018-11-26
 
CVE-2018-19564

CWE-79
 

 
Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.

 
2017-08-01
 
CVE-2017-12131

 

 
The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.

 

 >>> Vendor: Goldplugins 2 Products
Testimonials plugin easy testimonials
Easy testimonials


Copyright 2020, cxsecurity.com

 

Back to Top