Fortinet Discovers WordPress Plugin Testimonials Cross-Site Scripting Vulnerability
Fortinet's FortiGuard Labs has discovered a stored cross-site scripting (XSS) vulnerability in the WordPress plugin Testimonials developed by Shaped Plugin.
Testimonial is the Best Testimonials Showcase Plugin for WordPress built to display testimonials, reviews or quotes in multiple ways on any page or widget. The plugin has over 10,000 active installations.
SolutionsFortiGuard Labs released the following FortiGate IPS signature which covers this specific vulnerability:
Released Feb 20, 2020
Users should update the plugin to the latest version (2.2).
Fortinet reported the vulnerability to WordPress Plugin Team on January 28, 2020
WordPress Plugin Team acknowledged the vulnerability on February 06, 2020
Shaped Plugin Team patched the vulnerability on March 25, 2020