CVE-2026-3239 Strong Testimonials <= 3.2.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via testimonial_view Shortcode

The Strong Testimonials plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's testimonialview shortcode in all versions up to, and including, 3.2.21 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2026-3239

CVE-2026-3239 concerns the WordPress plugin Strong Testimonials. All versions up to and including 3.2.21 are affected by a Stored Cross-Site Scripting (Stored XSS) via the plugin’s testimonial_view shortcode, caused by insufficient input sanitization and output escaping on user-supplied attribute...