Goldplugins Easy Testimonials — known CVE vulnerabilities
Every CVE whose affected-product data names Goldplugins Easy Testimonials, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2024-2337 — CVSS 6.4 (medium): The Easy Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testimonials_grid ' shortcode in…
CVE-2017-12131 — CVSS 6.1 (medium): The Easy Testimonials plugin 3.0.4 for WordPress has XSS in include/settings/display.options.php, as demonstrated by the Default…
CVE-2018-19564 — CVSS 6.1 (medium): Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. Three wp-admin/post.php parameters (_ikcf_client and…
CVE-2020-14959 — CVSS 5.4 (medium): Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script…
CVE-2022-4577 — CVSS 5.4 (medium): The Easy Testimonials WordPress plugin before 3.9.3 does not validate and escape some of its shortcode attributes before outputting them…
CVE-2020-36749 — CVSS 4.3 (medium): The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due…