Adéla Goldová reports multiple Vulnerabilities in the WordPress HMS Testimonials Plugin
About the Plugin
HMS Testimonials is a free plugin available through WordPress.org plugins. It lets you display testimonials on a page or post, and use groups to organise and filter testimonials for specific pages.
Using three shortcodes and two widgets, it offers the user a series of features around testimonials.
The plugin seems to be reasonably popular and the author, Jeff Kreitner (http://profiles.wordpress.org/kreitje/), seems to be keeping the plugin up to date. According to the report, the author released an update as soon as the issue became known.
About the Vulnerabilities
The issues reported by Adéla are for version 2.0.10 and highlight a number of problems:
- Cross-Site Request Forgery
- Cross-Site Scripting
Update to version 2.0.11 as soon as possible.
Plugin: HMS Testimonials