WordPress Plugin Vulnerabilities

Strong Testimonials < 3.1.11 - Settings Update via CSRF

Description

The plugin does not have CSRF checks in various functions, which could allow attackers to make logged in admins perform unwanted actions via CSRF attacks, such as update the plugin's settings

Affects Plugins

Plugin icon
strong-testimonials
Fixed in 3.1.11

References

CVE
CVE-2023-52123
URL
https://patchstack.com/database/vulnerability/strong-testimonials/wordpress-strong-testimonials-plugin-3-1-10-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Brandon James Roldan (tomorrowisnew)
Verified
No
WPVDB ID
19696936-5c41-424e-aff0-d3a13dfd2a3c

Timeline

Publicly Published
2023-12-28 (about 2 years ago)
Added
2024-01-04 (about 2 years ago)
Last Updated
2024-01-04 (about 2 years ago)

Other

Published
Title
Published
2025-03-24
Title
Related Posts via Categories <= 2.1.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2025-04-24
Title
Unsafe Mimetypes <= 0.1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting
Published
2023-07-12
Title
Replace Word <= 2.1 - Cross-Site Request Forgery
Published
2014-09-21
Title
MailPoet Newsletters 2.6.10 - Unspecified CSRF
Published
2014-08-01
Title
Related Posts 2.7.1 - Cross-Site Request Forgery