Is "Easy Testimonials" safe?

Easy Testimonials: Plugin Details

---

Type:	Plugin
Author:	Gold Plugins
URL:	https://wordpress.org/plugins/easy-testimonials/
Latest Version:	3.9.5

 

Easy Testimonials: Security Information

---

Insecure versions:	Up To 3.9.5
Known since:	2024-07-19 14:30:33

Insecure versions:	Up To 1.1
Known since:	2023-07-04 14:11:13

Insecure versions:	Up To 1.1
Known since:	2023-01-10 02:15:47

Insecure versions:	Up To 3.8
Known since:	2022-06-15 10:11:11

Insecure versions:	Up To 1.1
Known since:	2020-09-17 15:28:00
Description:	The plugins only check the CSRF nonce if it has been provided, making them vulnerable to CSRF attacks if the nonce is removed.

Insecure versions:	Up To 1.1
Known since:	2020-05-14 11:15:41
Description:	Multiple cross-site scripting vulnerabilities in Easy Testimonials 3.5.2 and lower allow an authenticated medium-privileged user (contributor+) to inject arbitrary javascript code which is executed when admin and other users access the All Testimonials page in the backend, as well as the testimonial is displayed in the frontend if the 'Allow HTML Tags in Testimonials' option is enabled (which it is by default).

Insecure versions:	Up To 1.36.1
Known since:	2016-08-02 19:30:37

 

Easy Testimonials: Safety Recommendations

---

We have rated Easy Testimonials as Unsafe which means that all versions of the plugin have vulnerabilities.

We recommend that until an update is released do not use Easy Testimonials.

Easy Testimonials: Keeping Safe

---

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:

• Automated Backups
  Full backup of your entire site with unlimited storage space.
• Restores & Migrations
  Restore or migrate your site from a backup with one click.
• Security Scanning
  Regular, automated scans of your site for malware, threats, and hacks.
• Expert Support
  Fast, priority support for any WordPress security issue.

Choose Your Plan