PT-2024-24727 · WordPress · Strong Testimonials

Dmitry Ignatyev · Published 2024-04-16 · Updated 2024-08-01 · CVE-2024-3261

CVSS v3.1: 4.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: Strong Testimonials WordPress plugin, versions prior to 3.1.12
Description: The issue allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks, because some Testimonial fields are neither validated nor escaped before being output back into a page or post. The stored payload only fires when a specific view is rendered, which is why the vector carries a user-interaction requirement. This could potentially be exploited to forge admin accounts.
Recommendations: For versions prior to 3.1.12, update to version 3.1.12 or later to resolve the issue. As a temporary workaround until the update is applied, restrict the contributor role and above from accessing the affected Testimonial fields, which minimizes the window for exploitation.
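The defect class the description names (a stored testimonial field concatenated into page HTML without escaping) and its hardened counterpart, as an added illustration that is not Strong Testimonials' own code: the field names, the three function names and the sample record are hypothetical, while esc_html(), esc_url(), esc_url_raw(), sanitize_text_field(), wp_kses_post() and current_user_can() are the standard WordPress API and the file is meant to run inside WordPress.

```php
<?php
// Added example, not Strong Testimonials' own code. Field names, function names
// and the sample record are hypothetical; the helpers are standard WordPress API.

// Constructed sample of the kind of record a contributor could save.
$sample_testimonial = array(
    'client_name' => 'Jane "JD" Doe <Example Corp>',
    'client_url'  => 'https://example.com/',
    'content'     => 'Great <b>product</b>, <em>recommended</em>.',
);

// Vulnerable pattern: stored values are concatenated into HTML verbatim, so any
// markup saved in these fields reaches the visitor's browser unchanged.
function render_testimonial_unescaped( array $t ) {
    return '<blockquote class="testimonial">'
        . '<p>' . $t['content'] . '</p>'
        . '<cite><a href="' . $t['client_url'] . '">' . $t['client_name'] . '</a></cite>'
        . '</blockquote>';
}

// Hardened pattern: escape every value on output, choosing the helper by context.
//   esc_html()     text nodes that must not carry markup (quotes and angle
//                  brackets become entities)
//   esc_url()      href/src attribute values
//   wp_kses_post() content where a limited, post-safe HTML allowlist is acceptable
function render_testimonial_escaped( array $t ) {
    return '<blockquote class="testimonial">'
        . '<p>' . wp_kses_post( $t['content'] ) . '</p>'
        . '<cite><a href="' . esc_url( $t['client_url'] ) . '">'
        . esc_html( $t['client_name'] ) . '</a></cite>'
        . '</blockquote>';
}

// Defence in depth on the save path: normalise the fields before storage, and
// let only users who hold the unfiltered_html capability (administrators and
// editors on a default single-site install; contributors do not) store raw markup.
function sanitize_testimonial_for_storage( array $fields ) {
    $clean = array(
        'client_name' => sanitize_text_field( $fields['client_name'] ?? '' ),
        'client_url'  => esc_url_raw( $fields['client_url'] ?? '' ),
    );
    $clean['content'] = current_user_can( 'unfiltered_html' )
        ? (string) ( $fields['content'] ?? '' )
        : wp_kses_post( $fields['content'] ?? '' );
    return $clean;
}

// Render path as it would be wired into a shortcode or template tag:
// sanitise on the way in, escape on the way out.
echo render_testimonial_escaped( sanitize_testimonial_for_storage( $sample_testimonial ) );
```

The capability check mirrors the advisory's workaround: contributors lack unfiltered_html, so their content is filtered through the post-safe allowlist on save even before the output escaping applies. Escaping on output remains the primary control, because stored data may have entered through older code paths or imports that never ran the save-side filter.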

Exploit

Fix

Tags: XSS

Weakness Enumeration

Related Identifiers: CVE-2024-3261

Affected Products: Strong Testimonials