2025-12-30 12:22:35
Wordfence
PUBLISHED
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the edit_rating function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen.