Fortinet Discovers WordPress Strong Testimonials Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in WordPress Strong Testimonials Plugin.
Strong Testimonials is a popular lightweight WordPress plugin that lets users collect and publish testimonials or reviews. The plugin has a paid version with enhanced premium features and has over 90,000+ active installations.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jan 21, 2020
Users should update the plugin to the latest version (2.40.1).
TimelineFortinet reported the vulnerability to MachoThemes on January 20, 2020
This vulnerability was discovered by Vishnupriya Ilango of Fortinet's FortiGuard Labs.