Fortinet Discovers WordPress Strong Testimonials Plugin Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a cross-site scripting (XSS) vulnerability in WordPress Strong Testimonials Plugin.
Strong Testimonials is a popular lightweight WordPress plugin that lets users collect and publish testimonials or reviews. The plugin has a paid version with enhanced premium features and has over 90,000+ active installations.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Jan 21, 2020
Users should update the plugin to the latest version (2.40.1).
TimelineFortinet reported the vulnerability to MachoThemes on January 20, 2020