cbcvebase.
CVE-2024-3261
published 2024-04-24

CVE-2024-3261: The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post…

PriorityP420medium4.8CVSS 3.1
AVNACLPRHUIRSCCLILAN
EPSS
0.40%
31.8th percentile
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed

Affected

1 ranges
VendorProductVersion rangeFixed in
wpchillstrong_testimonials< 3.1.123.1.12
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.