CVE-2024-3261

medium

Description

The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed

References

https://wpscan.com/vulnerability/5a0d5922-eefc-48e1-9681-b63e420bb8b3/

Details

Source: Mitre, NVD

Published: 2024-04-24

Updated: 2025-05-08

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N