Raldea89

**Name of the Vulnerable Software and Affected Versions** Strong Testimonials plugin for WordPress versions up to and including 3.2.18 **Description** The Strong Testimonials plugin for WordPress has a flaw that allows unauthorized modification of data. This is due to a missing capability check within the `edit rating()` function. Authenticated attackers with Contributor-level access or higher can modify or delete rating meta on any testimonial post, even those created by other users. This is achieved by reusing a valid nonce obtained from their own testimonial edit screen. **Recommendations** Update the Strong Testimonials plugin to a version later than 3.2.18.