Stored XSS Vulnerability in Strong Testimonials Plugin for WordPress
CVE-2020-8549

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Strong Testimonials
Vendor
CVE Published:
3 February 2020

Summary

The Strong Testimonials plugin for WordPress, prior to version 2.40.1, is susceptible to a Stored XSS vulnerability. This flaw allows attackers to inject malicious scripts into pages viewed by users, which can lead to serious security risks such as session hijacking and unauthorized actions executed from the victim's browser. It is crucial for users of this plugin to update to the latest version to mitigate the risk of exploitation.

References

https://wpvulndb.com/vulnerabilities/10056
x_refsource_MISC
https://github.com/MachoThemes/strong-testimonials/blob/m...
x_refsource_MISC
https://www.getastra.com/blog/911/plugin-exploit/stored-x...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.