WordPress Plugin Vulnerabilities

Strong Testimonials < 2.40.1 - Stored Cross Site Scripting (XSS)

Description

Multiple stored XSS vulnerabilities found in popular WordPress testimonial plugin, Strong Testimonials.

First reported to the Strong Testimonials team on 23rd January 2020.

Affects Plugins

Plugin icon
strong-testimonials
Fixed in 2.40.1

References

CVE
CVE-2020-8549
URL
https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-strong-testimonials-plugin/
URL
https://www.jinsonvarghese.com/stored-xss-vulnerability-in-strong-testimonials-plugin/
URL
https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Jinson Varghese Behanan
Submitter
Jinson Varghese Behanan
Submitter website
https://www.jinsonvarghese.com
Submitter twitter
JinsonCyberSec
Verified
No
WPVDB ID
3a9d36f4-0a34-4f90-a78d-f3eed272e083

Timeline

Publicly Published
2020-02-01 (about 6 years ago)
Added
2020-02-01 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2026-02-17
Title
Download Manager < 3.3.47 - Reflected Cross-Site Scripting via 'redirect_to' Parameter
Published
2025-04-09
Title
Oppso Unit Converter <= 1.1.1 - Reflected Cross-Site Scripting
Published
2014-08-01
Title
Seo Link Rotator - pusher.php title Parameter Reflected XSS
Published
2023-05-25
Title
AI ChatBot < 4.5.6 - Admin+ Stored Cross-Site Scripting
Published
2023-09-21
Title
Shared Files < 1.7.6 - Unauthenticated Stored Cross-Site Scripting