🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Easy Testimonials

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Easy Testimonials

Information

Software Type	Plugin
Software Slug	easy-testimonials (view on wordpress.org)
Software Status	Active
Software Author	ghuger
Software Website	goldplugins.com
Software Downloads	1,159,303
Software Active Installs	20,000
Software Record Last Updated	April 30, 2024

7 Vulnerabilities

Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

6.4

CVE-2022-4577

Jan 10, 2023

Researcher: István Márton

Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting

6.1

CVE ID Unknown

Jun 14, 2022

Researcher: WPScanTeam

Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass

4.3

CVE-2020-36749

Sep 16, 2020

Researcher: Jerome Bruandet

Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting

5.4

CVE-2020-14959

May 13, 2020

Researcher: Ngo Van Thien

Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting

6.1

CVE-2018-19564

Nov 26, 2018

Researcher: En_dust

Easy Testimonials <= 3.0.4 - Cross-Site Scripting

6.1

CVE-2017-12131

Jul 31, 2017

Researcher: ning1022

Easy Testimonials <= 1.36.1 - Authenticated Stored Cross-Site Scripting

7.4

CVE ID Unknown

Jul 31, 2016

Researcher: Bente Schopman

Title	CVE ID	CVSS	Researchers	Date
Easy Testimonials <= 3.9.2 - Authenticated (Contributor+) Stored Cross-Site Scripting	CVE-2022-4577	6.4	István Márton	January 10, 2023
Easy Testimonials <= 3.8 - Reflected Cross-Site Scripting		6.1	WPScanTeam	June 14, 2022
Easy Testimonials <= 3.6.1 - Cross-Site Request Forgery Bypass	CVE-2020-36749	4.3	Jerome Bruandet	September 16, 2020
Easy Testimonials <= 3.5.2 - Authenticated Stored Cross-Site Scripting	CVE-2020-14959	5.4	Ngo Van Thien	May 13, 2020
Easy Testimonials <= 3.5.2 - Stored Cross-Site Scripting	CVE-2018-19564	6.1	En_dust	November 26, 2018
Easy Testimonials <= 3.0.4 - Cross-Site Scripting	CVE-2017-12131	6.1	ning1022	July 31, 2017
Easy Testimonials <= 1.36.1 - Authenticated Stored Cross-Site Scripting		7.4	Bente Schopman	July 31, 2016

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation