Vulnerabilities and security researches forstrong-testimonials strong-testimonials

Jun 07, 2024

CVE, Research URL: CVE-2020-8549
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Feb 03, 2020
Research Description: Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-4717
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Feb 07, 2023
Research Description: The Strong Testimonials WordPress plugin before 3.0.3 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-26013
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Jun 16, 2023
Research Description: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-52123
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Jan 05, 2024
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials.This issue affects Strong Testimonials: from n/a through 3.1.10.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2024-3261
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Apr 24, 2024
Research Description: The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed
Affected versions: Min -, max -.
Status: vulnerable

Jun 09, 2024

CVE, Research URL: CVE-2023-6491
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Jun 07, 2024
Research Description: The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
Affected versions: Min -, max -.
Status: vulnerable

Jul 24, 2024

PSC, Research URL: PSC-2024-64513
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: -
Research Description: Strong Testimonials is a versatile and user-friendly plugin designed to help WordPress users collect and display testimonials or reviews effortlessly. With over four years of development and user feedback, this plugin offers a wealth of flexible features, making it a favorite among both beginners and professionals. Its intuitive interface allows users to set up and manage testimonials quickly, ensuring a seamless experience for both website owners and visitors.
Affected versions: Min -, max -.
Status: SAFE & CERTIFIED

Oct 03, 2024

CVE, Research URL: CVE-2024-47362
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Nov 01, 2024
Research Description: Missing Authorization vulnerability in WPChill Strong Testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through 3.1.16.
Affected versions: Min -, max -.
Status: vulnerable

Feb 26, 2025

CVE, Research URL: CVE-2025-26975
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Feb 25, 2025
Research Description: Missing Authorization vulnerability in WP Chill Strong Testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through 3.2.3.
Affected versions: Min -, max -.
Status: vulnerable

Jul 15, 2025

CVE, Research URL: CVE-2025-7367
Home page URL: Security reports for Strong Testimonials
Application: Strong Testimonials
Date: Jul 15, 2025
Research Description: The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable