CVE-2020-36749

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

We have discovered 9 live websites that are affected by CVE-2020-36749.

Affected Software


Product	Easy Testimonials
Category	Wordpress Plugins
Vulnerable Versions	from 0 before 3.7
Total Vulnerable Versions	21
Vulnerable Domains	9 live websites (6.72% of Easy Testimonials install base)

Distribution by Website Rank

The diagram provides a graphic representation of the correlation between the occurrence of CVE-2020-36749 and the relative popularity of websites

Available Reports

Website List

Details

Published - Jul 1, 2023
Updated - Jul 1, 2023

Credits

Jerome Bruandet (finder)

CVE References

CWE References

cwe.mitre.org

Countries

United States	1 websites

Belgium	3 websites
France	2 websites
Germany	1 websites
GB	1 websites
Netherlands	1 websites

TLDs

.be	2 websites
.fr	2 websites
.co.uk	1 websites
.com	1 websites
.de	1 websites
.nl	1 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Geographical Distribution

The distribution of websites across the globe that are exposed to CVE-2020-36749 through included software libraries and plugins.

References

Websites affected by CVE-2020-36749

Top websites that are affected by CVE-2020-36749. Please click on the "Contact us" button above to get more information.

Domain	Country	Rank
********.nl	Netherlands	,,*
********.vlaanderen	Belgium	,,*
********.fr	France	,,*
********.de	Germany	,,*
******..uk	GB	,,*
****************.fr	France	,,*
********.be	Belgium	,,*
****************.be	Belgium	,,*
*********.com	United States	,,*

See full domain list