cvebase

Wpchill Strong Testimonials vulnerabilities

10 known vulnerabilities affecting wpchill/strong_testimonials.

Total CVEs: 10
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 8

Vulnerabilities

CVE-2020-8549 | P3 | MEDIUM | CVSS 6.1 | PoC | fixed in 2.40.1 | 2020-02-03
CVE-2020-8549 [MEDIUM] CWE-79: Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.
nvd
CVE-2024-47362 | P3 | HIGH | CVSS 8.8 | fixed in 3.1.17 | 2024-11-01
CVE-2024-47362 [HIGH] CWE-862: Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials. This issue affects Strong Testimonials: from n/a through <= 3.1.16.
nvd
CVE-2023-52123 | P3 | HIGH | CVSS 8.8 | ≤ 3.1.10 | ≥ n/a, ≤ 3.1.10 | 2024-01-05
CVE-2023-52123 [HIGH] CWE-352: Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.
nvd
CVE-2025-7367 | P4 | MEDIUM | CVSS 6.4 | ≤ 3.2.11 | 2025-07-15
CVE-2025-7367 [MEDIUM] CWE-79: The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pa
nvd
CVE-2026-3239 | P4 | MEDIUM | CVSS 6.4 | ≤ 3.2.21 | 2026-04-08
CVE-2026-3239 [MEDIUM] CWE-79: The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_view shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and a
nvd
CVE-2025-11268 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.2.16 | 2025-11-06
CVE-2025-11268 [MEDIUM] CWE-79: The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a do_shortcode call. This makes it possible for unauthenticated at
nvd
CVE-2025-14426 | P4 | MEDIUM | CVSS 4.3 | ≤ 3.2.18 | 2025-12-30
CVE-2025-14426 [MEDIUM] CWE-862: The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial
nvd
CVE-2023-26013 | P4 | MEDIUM | CVSS 5.4 | ≤ 3.0.2 | ≥ n/a, ≤ 3.0.2 | 2023-06-16
CVE-2023-26013 [MEDIUM] CWE-79: Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
nvd
CVE-2023-6491 | P4 | MEDIUM | CVSS 4.3 | fixed in 3.1.13 | ≤ 3.1.12 | 2024-06-07
CVE-2023-6491 [MEDIUM] CWE-284: The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
nvd
CVE-2024-3261 | P4 | MEDIUM | CVSS 4.8 | fixed in 3.1.12 | 2024-04-24
CVE-2024-3261 [MEDIUM] CWE-79: The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed
nvd