cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-2337,https://securityvulnerability.io/vulnerability/CVE-2024-2337,Stored Cross-Site Scripting Vulnerability Affects Easy Testimonials Plugin,"The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,Easy Testimonials,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-07-20T02:37:14.391Z,0
CVE-2020-36749,https://securityvulnerability.io/vulnerability/CVE-2020-36749,Cross-Site Request Forgery in Easy Testimonials Plugin for WordPress,"The Easy Testimonials plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the saveCustomFields() function. This flaw allows unauthenticated attackers to exploit the plugin by persuading a site administrator to unknowingly execute an action via a malicious link. Attackers can manipulate the plugin's functionality and potentially compromise site integrity, thus affecting users' experience and trust.",Wordpress,Easy Testimonials,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2023-07-01T05:33:30.326Z,0
CVE-2022-4577,https://securityvulnerability.io/vulnerability/CVE-2022-4577,Easy Testimonials < 3.9.3 - Contributor+ Stored XSS,"The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.",Wordpress,Easy Testimonials,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,false,false,2023-02-06T19:59:09.665Z,0
CVE-2021-24394,https://securityvulnerability.io/vulnerability/CVE-2021-24394,Easy Testimonial Manager <= 1.2.0 - Authenticated SQL Injection,"An id GET parameter of the Easy Testimonial Manager WordPress plugin through 1.2.0 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection",Wordpress,Easy Testimonial Manager,7.2,HIGH,0.0015399999683722854,false,,false,false,false,,false,false,2021-09-06T11:09:22.000Z,0
CVE-2020-14959,https://securityvulnerability.io/vulnerability/CVE-2020-14959,,"Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, Web Address, Other, Location Reviewed, Product Reviewed, Item Reviewed, or Rating parameter.",Wordpress,Easy Testimonials,5.4,MEDIUM,0.0009299999801442027,false,,false,false,false,,false,false,2020-06-22T00:15:00.000Z,0
CVE-2018-19564,https://securityvulnerability.io/vulnerability/CVE-2018-19564,,Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and _ikcf_position and _ikcf_other) have Cross-Site Scripting.,Wordpress,Easy Testimonials,6.1,MEDIUM,0.0011599999852478504,false,,false,false,false,,false,false,2018-11-26T18:29:00.000Z,0
CVE-2017-12131,https://securityvulnerability.io/vulnerability/CVE-2017-12131,,"The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default Testimonials Width, View More Testimonials Link, and Testimonial Excerpt Options screens.",Wordpress,Easy Testimonials,6.1,MEDIUM,0.0012799999676644802,false,,false,false,false,,false,false,2017-08-01T05:29:00.000Z,0
CVE-2017-9418,https://securityvulnerability.io/vulnerability/CVE-2017-9418,,SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.,Wordpress,Testimonials Plugin Easy Testimonials,8.8,HIGH,0.0012199999764561653,false,,false,false,false,,false,false,2017-06-12T13:00:00.000Z,0