PT-2025-45181 · WordPress · Strong Testimonials
Kishan Vyas · Published 2025-11-06 · Updated 2025-11-06 · CVE-2025-11268
CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Strong Testimonials plugin for WordPress versions prior to 3.2.17
Description
The Strong Testimonials plugin for WordPress is susceptible to arbitrary shortcode execution. The software does not properly validate or sanitize user-submitted testimonial values before passing them to a do_shortcode call. This allows unauthenticated attackers to execute arbitrary shortcodes when an administrator previews or publishes a crafted testimonial.
Recommendations
Update to version 3.2.17 or later.
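The step the description reports as missing, sanitizing user-submitted values before they reach a do_shortcode call, is sketched below as an added example; it is not the plugin's code or its 3.2.17 patch. The function names, field names, tag-name pattern and sample submission are assumptions made for illustration, and field values are assumed to be scalar.

```php
<?php
// Added example: hypothetical helpers, not code from the Strong Testimonials plugin.

/** Return shortcode-like tag names found in an untrusted field value. */
function find_shortcode_like_tags(string $value): array
{
    // Assumed tag-name grammar: after "[" or "[/", any run of characters
    // other than brackets, angle brackets, "&", "/", "=", space and controls.
    preg_match_all('/\[\/?([^<>&\/\[\]\x00-\x20=]+)/', $value, $m);
    return array_values(array_unique($m[1]));
}

/** Encode square brackets so a later shortcode parser sees no tags. */
function neutralize_shortcodes(string $value): string
{
    return strtr($value, ['[' => '&#91;', ']' => '&#93;']);
}

/** Sanitize every submitted field and report which ones carried tags. */
function sanitize_testimonial_submission(array $fields): array
{
    $clean = [];
    $flagged = [];
    foreach ($fields as $name => $value) {
        $value = (string) $value;
        $tags = find_shortcode_like_tags($value);
        if ($tags !== []) {
            $flagged[$name] = $tags; // hold for moderator review
        }
        $clean[$name] = neutralize_shortcodes($value);
    }
    return ['fields' => $clean, 'flagged' => $flagged];
}

// Constructed sample submission; field names are illustrative only.
$submission = [
    'name'    => 'Jane Doe',
    'title'   => 'Great service',
    'content' => 'Loved it. [example_tag id="1"]text[/example_tag]',
];

$result = sanitize_testimonial_submission($submission);
echo json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES), PHP_EOL;
```

The encoded brackets still display as [ and ] when the value is emitted as HTML, so legitimate testimonial text looks unchanged to readers.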
Fix
XSS
Affected Products
Strong Testimonials