CVE-2024-3261 – Strong Testimonials < 3.1.12 - Contributor+ Stored XSS

https://notcve.org/view.php?id=CVE-2024-3261

03 Apr 2024 — The Strong Testimonials WordPress plugin before 3.1.12 does not validate and escape some of its Testimonial fields before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. The attack requires a specific view to be performed El complemento Strong Testimonials de WordPress anterior a 3.1.12 no valida ni escapa algunos de sus campos de testimonios antes de devolverlos a una página/publicación, lo que podría permitir ... • https://wpscan.com/vulnerability/5a0d5922-eefc-48e1-9681-b63e420bb8b3 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •