WordPress Plugin Vulnerabilities

Strong Testimonials <= 2.31.4 - Multiple Authenticated Cross-Site Scripting (XSS)

Description

The Strong Testimonials WordPress plugin was affected by a Multiple Authenticated Cross-Site Scripting (XSS) security vulnerability.

Affects Plugins

Plugin icon
strong-testimonials
Fixed in 2.31.5

References

URL
https://seclists.org/fulldisclosure/2018/Jul/88
URL
https://www.defensecode.com/advisories/DC-2018-05-007_WordPress_Strong_Testimonials_Plugin_Advisory.pdf
URL
https://plugins.trac.wordpress.org/changeset/1885372/strong-testimonials

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79

Miscellaneous

Submitter
Ryan
Submitter twitter
ethicalhack3r
Verified
No
WPVDB ID
89441d12-491e-4026-8be1-2c4c22bc5bba

Timeline

Publicly Published
2018-07-28 (about 7 years ago)
Added
2018-07-31 (about 7 years ago)
Last Updated
2019-11-01 (about 6 years ago)

Other

Published
Title
Published
2023-03-29
Title
Simple Image Popup < 2.0.0 - Admin+ Stored XSS
Published
2021-11-15
Title
Auto Featured Image < 3.9.3 - Reflected Cross-Site Scripting
Published
2024-02-14
Title
WP SMS < 6.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
Published
2025-06-05
Title
Pinterest Verify Meta Tag <= 1.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
Published
2024-01-26
Title
Allow SVG < 1.2.0 - Author+ Stored XSS via SVG