WordPress Plugin Vulnerabilities

Strong Testimonials < 3.2.4 - Missing Authorization

Description

The Strong Testimonials plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
strong-testimonials
Fixed in 3.2.4

References

CVE
CVE-2025-26975
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/ae910382-cc5d-41e3-b2f4-e91367a5d086

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Revan Arifio
Verified
No
WPVDB ID
7d3a1932-f632-426e-b04b-2fed457aa1d0

Timeline

Publicly Published
2025-02-23 (about 1 year ago)
Added
2025-03-03 (about 1 year ago)
Last Updated
2025-03-03 (about 1 year ago)

Other

Published
Title
Published
2024-04-30
Title
Google Typography <= 1.1.2 - Missing Authorization
Published
2025-08-27
Title
WP Bulk Delete < 1.3.7 - Missing Authorization
Published
2024-08-28
Title
ReviveNews < 1.0.3 - Missing Authorization via revivenews_install_and_activate_plugins()
Published
2026-02-20
Title
PublishPress Capabilities < 2.32.0 - Missing Authorization
Published
2025-06-12
Title
Arconix FAQ < 1.9.7 - Missing Authorization