cleantalk
Vulnerabilities and Security Researches

Strong Testimonials, CVE-2025-14426

CVE, Research URL

CVE-2025-14426

Home page URL

Security reports for Strong Testimonials

Application

Strong Testimonials

Published on
Dec 30, 2025
Research Description
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen.
Affected versions
max 3.2.19.
Status
vulnerable
Previous vulnerability researches
Strong Testimonials (CVE-2024-47362) , Oct 03, 2024
Strong Testimonials (CVE-2025-7367) , Jul 15, 2025
Strong Testimonials (CVE-2025-14426) , Jan 28, 2026
Strong Testimonials (CVE-2023-6491) , Jun 09, 2024
Strong Testimonials (CVE-2025-11268) , Nov 10, 2025
New vulnerability
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2026-32430) , Mar 29, 2026
YayMail – WooCommerce Email Customizer (CVE-2026-27327) , Mar 29, 2026
Strong Testimonials (CVE-2026-24957) , Mar 29, 2026
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026