Strong Testimonials < 2.40.1 - Stored Cross Site Scripting (XSS)



Description
Multiple stored XSS vulnerabilities were found in the popular WordPress testimonial plugin, Strong Testimonials.

The vulnerabilities were first reported to the Strong Testimonials team on 23rd January 2020.

Affects Plugin

Fixed in version 2.40.1

References

CVE 2020-8549
URL https://www.getastra.com/blog/911/plugin-exploit/stored-xss-vulnerability-found-in-strong-testimonials-plugin/
URL https://www.jinsonvarghese.com/stored-xss-vulnerability-in-strong-testimonials-plugin/
URL https://github.com/MachoThemes/strong-testimonials/blob/master/changelog.txt

Classification

Type XSS
OWASP Top 10 A7: Cross-Site Scripting (XSS)
CWE CWE-79

Miscellaneous

Original Researcher Jinson Varghese Behanan
Submitter Jinson Varghese Behanan
Submitter Website https://www.jinsonvarghese.com
Submitter Twitter JinsonCyberSec
Views 4837
Verified No
WPVDB ID 10056

Timeline

Publicly Published 2020-02-01 (about 2 months ago)
Added 2020-02-01 (about 2 months ago)
Last Updated 2020-02-04 (about 2 months ago)
