The testimonial-slider plugin for WordPress, in versions up to and including 1.2.1, has a CSRF vulnerability with resultant XSS.
slidervilla testimonial slider