WordPress Plugin Vulnerabilities

Easy Testimonials < 1.37 - Authenticated Stored Cross-Site Scripting (XSS)

Description

Multiple stored Cross-Site Scripting vulnerabilities were found and can be exploited by an authenticated Contributor (or higher).

Affects Plugins

Plugin icon
easy-testimonials
Fixed in 1.37

References

URL
https://seclists.org/fulldisclosure/2016/Jul/87
URL
https://sumofpwn.nl/advisory/2016/stored_cross_site_scripting_vulnerability_in_easy_testimonials_wordpress_plugin.html

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
8.9 (high)

Miscellaneous

Submitter
ethicalhack3r
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
dcb49434-dd2f-4718-be9f-5f617f7f96fd

Timeline

Publicly Published
2016-07-31 (about 9 years ago)
Added
2016-08-01 (about 9 years ago)
Last Updated
2021-03-02 (about 5 years ago)

Other

Published
Title
Published
2024-01-19
Title
WPForms Pro < 1.8.5.4 - Unauthenticated Stored Cross-Site Scripting via Form Submission
Published
2025-12-12
Title
Kingcabs < 1.1.10 - Authenticated (Contributor+) Stored Cross-Site Scripting via progressbarLayout Parameter
Published
2020-11-12
Title
Love Travel 2.0-3.8 - Unauthenticated Reflected XSS & XFS
Published
2024-10-30
Title
Jigoshop – Store Exporter <= 1.5.8 - Reflected Cross-Site Scripting
Published
2026-04-27
Title
TheGem Theme Elements < 5.12.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting