CVE-2015-10147

Published
CVSS v3: 4.9 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Easy Testimonial Slider and Form lets you display responsive testimonials on any page or post, using the Gutenberg block editor or the classic shortcode. Visitors can submit their own testimonials through a built-in form, with captcha protection and admin moderation.

Key Features (Free)
- Gutenberg block: add the Testimonial Slider block directly from the block inserter
- Testimonial submission form: let visitors submit testimonials from the frontend
- Captcha protection: protect your form from spam
- Photo upload: visitors can upload their photo with their testimonial
- Gravatar support: pull photos automatically from Gravatar
- Admin moderation: approve or reject submissions before they go live
- Auto-slide: automatically rotate through testimonials
- Responsive: looks good on mobile, tablet and desktop
- Shortcodes: [print_best_testimonial_slider] and [print_best_testimonial_form]
- Customisable labels: change every field label to any language
- Email notification: get notified when a new testimonial is submitted

Pro Features
Upgrade to Easy Testimonial Slider Pro (https://www.i13websolution.com/product/wordpress-easy-testimonial-slider-plugin/) to unlock:
- Unlimited sliders: the free version supports 1 slider
- 5 slider styles: choose the look that fits your brand
- Testimonial Grid layout: display testimonials as a responsive grid with pagination. Use the [testimonial_grid] shortcode or the dedicated Gutenberg block. Choose 1–4 columns, set card height and excerpt length
- Star ratings: let visitors rate with 1–5 stars
- Custom arrow and quote colors: match your brand exactly
- Custom font sizes and colors: full control over text appearance
- Fade transition: smooth fade instead of slide
- Random order: show testimonials in random order
- Author link: link the author name to their website
- Auto-approve: publish submissions instantly without review
- Bulk approve/reject: manage many submissions at once
- Multiple forms: different form settings per slider
- Schema markup: Google Rich Snippets for star ratings in search results
- CSV Import/Export: back up and restore all testimonials as a CSV file
- Priority support

How to Use

With Gutenberg (recommended):
1. Edit any page or post
2. Click the + block inserter
3. Search for "Testimonial Slider" or "Testimonial Form"
4. Add the block; your slider or form appears instantly

With Shortcode:
Add [print_best_testimonial_slider] anywhere to show the slider.
Add [print_best_testimonial_form] anywhere to show the submission form.

Live Demo
http://blog.i13websolution.com/live-preview-best-testimonial-slider-plugin/

Video Tutorial
https://www.youtube.com/embed/gBwqimraVLU
WordPress Plugin Directory