CVE-2023-6491

Name of the Vulnerable Software and Affected Versions Strong Testimonials plugin for WordPress versions up to, and including, 3.1.12

Description The issue arises from an improper capability check on the wpmtst save view sticky function, allowing authenticated attackers with contributor access and above to modify favorite views. This enables unauthorized modification of data.

Recommendations For versions up to, and including, 3.1.12, update to a version higher than 3.1.12 to resolve the issue. As a temporary workaround, consider restricting access to the wpmtst save view sticky function to prevent unauthorized data modification.