Wpchill Strong Testimonials
By the Year
In 2026 there have been 2 vulnerabilities in Wpchill Strong Testimonials with an average score of 6.5 out of ten. Last year, in 2025 Strong Testimonials had 4 security vulnerabilities published. At the current rates, it appears that the number of vulnerabilities last year and this year may equal out. However, the average CVE base score of the vulnerabilities in 2026 is greater by 1.45.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 2 | 6.45 |
| 2025 | 4 | 5.00 |
| 2024 | 4 | 5.80 |
| 2023 | 1 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 1 | 0.00 |
It may take a day or so for new Strong Testimonials vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Wpchill Strong Testimonials Security Vulnerabilities
Strong Testimonials WP Plugin 3.2.21 Stored XSS via testimonial_view shortcode
CVE-2026-3239
6.4 - Medium
- April 08, 2026
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonial_view shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
WP Chill Strong Testimonials Missing Auth Vulnerability 3.2.20
CVE-2026-24957
6.5 - Medium
- February 03, 2026
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Strong Testimonials: from n/a through <= 3.2.20.
AuthZ
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to
CVE-2025-14426
4.3 - Medium
- December 30, 2025
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen.
AuthZ
Strong Testimonials <=3.2.16 Arbitrary Shortcode Execution
CVE-2025-11268
4.3 - Medium
- November 06, 2025
The Strong Testimonials plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.2.16. This is due to the software allowing users to submit a testimonial in which a value is not properly validated or sanitized prior to being passed to a do_shortcode call. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes if an administrator previews or publishes a crafted testimonial.
XSS
Strong Testimonials WP Plugin 3.2.11 – Stored XSS via Custom Fields (Author Auth)
CVE-2025-7367
6.4 - Medium
- July 15, 2025
The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Testimonial Custom Fields in all versions up to, and including, 3.2.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
XSS
Strong Testimonials <=3.2.3 Missing Auth ACL WP Chill WordPress
CVE-2025-26975
- February 25, 2025
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Strong Testimonials: from n/a through <= 3.2.3.
AuthZ
WPChill Strong Testimonials 3.1.16: Missing Authorization Vulnerability in Access Control
CVE-2024-47362
4.3 - Medium
- November 01, 2024
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials. This issue affects Strong Testimonials: from n/a through <= 3.1.16.
AuthZ
Auth Attacker Modifies Views in Strong Testimonials <=3.1.12
CVE-2023-6491
4.3 - Medium
- June 07, 2024
The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to an improper capability check on the wpmtst_save_view_sticky function in all versions up to, and including, 3.1.12. This makes it possible for authenticated attackers, with contributor access and above, to modify favorite views.
Authorization
Stored XSS in Strong Testimonials WP plugin before 3.1.12
CVE-2024-3261
- April 24, 2024
The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed.
XSS
CSRF in WPChill Strong Testimonials <3.1.10
CVE-2023-52123
8.8 - High
- January 05, 2024
Cross-Site Request Forgery (CSRF) vulnerability in WPChill Strong Testimonials. This issue affects Strong Testimonials: from n/a through 3.1.10.
Session Riding
WPChill Strong Testimonials XSS <=3.0.2 (Auth: contributor+)
CVE-2023-26013
6.5 - Medium
- June 16, 2023
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WPChill Strong Testimonials plugin <= 3.0.2 versions.
XSS
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress
CVE-2020-8549
- February 03, 2020
Stored XSS in the Strong Testimonials plugin before 2.40.1 for WordPress can result in an attacker performing malicious actions such as stealing session tokens.