Cross-Site Request Forgery in Easy Testimonials Plugin for WordPress
CVE-2020-36749
4.3MEDIUM
What is CVE-2020-36749?
The Easy Testimonials plugin for WordPress is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the saveCustomFields() function. This flaw allows unauthenticated attackers to exploit the plugin by persuading a site administrator to unknowingly execute an action via a malicious link. Attackers can manipulate the plugin's functionality and potentially compromise site integrity, thus affecting users' experience and trust.
Affected Version(s)
Easy Testimonials * < 3.7