Strong Testimonials
cpe:2.3:a:wpchill:strong_testimonials:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Wpchill (229d438d-d20e-586d-ac2f-e6b4e123f9dc) |
|---|---|
| Product | Strong Testimonials (610164d5-9d13-5bbd-a0ac-8f57807bf278) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from purl2cpe mapping |

PURL mappings

| PURL | Source | Last updated |
|---|---|---|
| pkg:github/wpchill/strong-testimonials | purl2cpe | 2026-06-01 10:12:17.937806 |

Vulnerability references

| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
| CVE:CVE-2026-3239 | vulnerable | 2026-06-03 15:23:31.899167 | Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode<br>MEDIUM (6.4)<br>The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_view shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<br>Published: 2026-04-08T04:27:16.978Z<br>Updated: 2026-04-08T17:05:19.972Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-7367 | vulnerable | 2026-06-03 15:12:31.022386 | Strong Testimonials <= 3.2.11 - Authenticated (Author+) Stored Cross-Site Scripting via Custom Fields<br>MEDIUM (6.4)<br>The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.<br>Published: 2025-07-15T04:23:41.525Z<br>Updated: 2026-04-08T16:57:45.025Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-14426 | vulnerable | 2026-06-03 14:58:55.292784 | Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update<br>MEDIUM (4.3)<br>The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen.<br>Published: 2025-12-30T12:22:35.514Z<br>Updated: 2026-04-08T17:21:32.717Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2025-11268 | vulnerable | 2026-06-03 14:58:35.844666 | Strong Testimonials <= 3.2.16 - Unauthenticated Arbitrary Shortcode Execution<br>MEDIUM (4.3)<br>The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a do_shortcode call. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes if an administrator previews or publishes a crafted testimonial.<br>Published: 2025-11-06T08:26:27.860Z<br>Updated: 2026-04-08T17:23:38.359Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2024-47362 | vulnerable | 2026-06-03 14:57:01.120915 | WordPress Strong Testimonials plugin <= 3.1.16 - Broken Access Control vulnerability<br>MEDIUM (4.3)<br>Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials. This issue affects Strong Testimonials: from n/a through <= 3.1.16.<br>Published: 2024-11-01T14:17:01.952Z<br>Updated: 2026-04-28T16:10:19.706Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-6491 | vulnerable | 2026-06-03 14:53:51.976334 | Strong Testimonials <= 3.1.12 - Authenticated (Contributor+) Improper Authorization to Views Modification<br>MEDIUM (4.3)<br>The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.<br>Published: 2024-06-07T05:33:46.516Z<br>Updated: 2026-04-08T17:20:20.002Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-52123 | vulnerable | 2026-06-03 14:53:38.722941 | WordPress Strong Testimonials Plugin <= 3.1.10 is vulnerable to Cross Site Request Forgery (CSRF)<br>MEDIUM (4.3)<br>Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.<br>Published: 2024-01-05T09:05:12.905Z<br>Updated: 2026-04-28T16:09:04.972Z | Imported from gcve-enriched-dumps CVE data |
| CVE:CVE-2023-26013 | vulnerable | 2026-06-03 14:50:27.661990 | WordPress Strong Testimonials Plugin <= 3.0.2 is vulnerable to Cross Site Scripting (XSS)<br>MEDIUM (6.5)<br>Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.<br>Published: 2023-06-16T08:37:31.962Z<br>Updated: 2026-04-28T16:08:12.383Z | Imported from gcve-enriched-dumps CVE data |