{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14426", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-10T01:58:29.132Z", "datePublished": "2025-12-30T12:22:35.514Z", "dateUpdated": "2026-04-08T17:21:32.717Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:32.717Z"}, "affected": [{"vendor": "wpchill", "product": "Strong Testimonials", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.18", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen."}], "title": "Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c83f48dd-9070-412d-b911-98581a81e29a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L379"}, {"url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L29"}, {"url": "https://plugins.trac.wordpress.org/changeset/3416480/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "timeline": [{"time": "2025-12-10T02:14:15.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-12-29T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-30T12:52:12.713000Z", "id": "CVE-2025-14426", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T12:52:25.767Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14426", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-30T12:52:12.713000Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-30T12:52:17.854Z"}}], "cna": {"title": "Strong Testimonials <= 3.2.18 - Missing Authorization to Authenticated (Contributor+) Rating Meta Update", "credits": [{"lang": "en", "type": "finder", "value": "M Indra Purnama"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "wpchill", "product": "Strong Testimonials", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.2.18"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-10T02:14:15.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-12-29T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c83f48dd-9070-412d-b911-98581a81e29a?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L379"}, {"url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L29"}, {"url": "https://plugins.trac.wordpress.org/changeset/3416480/"}], "descriptions": [{"lang": "en", "value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:21:32.717Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14426", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:21:32.717Z", "dateReserved": "2025-12-10T01:58:29.132Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-30T12:22:35.514Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Strong Testimonials plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'edit_rating' function in all versions up to, and including, 3.2.18. This makes it possible for authenticated attackers with Contributor-level access and above to modify or delete the rating meta on any testimonial post, including those created by other users, by reusing a valid nonce obtained from their own testimonial edit screen."}, {"lang": "es", "value": "El plugin Strong Testimonials para WordPress es vulnerable a la modificaci\u00f3n no autorizada de datos debido a una comprobaci\u00f3n de capacidad faltante en la funci\u00f3n 'edit_rating' en todas las versiones hasta la 3.2.18, inclusive. Esto hace posible que atacantes autenticados con acceso de nivel Colaborador o superior modifiquen o eliminen los metadatos de calificaci\u00f3n en cualquier publicaci\u00f3n de testimonio, incluidas las creadas por otros usuarios, al reutilizar un nonce v\u00e1lido obtenido de su propia pantalla de edici\u00f3n de testimonios."}], "id": "CVE-2025-14426", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-30T13:16:22.490", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L29"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/strong-testimonials/tags/3.2.18/admin/class-strong-testimonials-post-editor.php#L379"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3416480/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c83f48dd-9070-412d-b911-98581a81e29a?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:20:17.052396+00:00", "value": {"mitigation_remediation": ["Update the Strong Testimonials plugin to version 3.2.19 or later, which includes the missing authorization check.", "If an immediate update is not possible, restrict the Contributor role or remove users who do not require rating modification permissions.", "Verify that only users with the appropriate Edit Ratings capability can modify testimonial meta, and consider implementing custom role checks if the plugin does not provide granular control."], "summary": {"action": "Patch", "impact": "Data Integrity \u2013 Unauthorized Modification"}, "threat_synthesis": {"affected_systems": "All installations of the Strong Testimonials plugin up to and including version 3.2.18 are affected. The impact is limited to the WordPress plugin and does not extend to the core CMS or other plugins.", "description_and_impact": "The Strong Testimonials plugin for WordPress contains a missing capability check in its 'edit_rating' function. This flaw allows any authenticated user with Contributor-level access to modify or delete the rating meta on any testimonial post, regardless of ownership. The vulnerability is classified as a missing authorization (CWE\u2011862) and directly compromises the integrity of testimonial ratings, potentially skewing displayed data and misleading site visitors.", "risk_and_exploitability": "The CVSS score of 4.3 indicates moderate severity, primarily due to the limited scope of the flaw and the need for authenticated access. The EPSS score of less than 1% suggests that the probability of exploitation in the wild is very low at present, and the vulnerability is not listed in CISA's KEV catalog. However, the attack vector requires only a valid WordPress nonce, which can be obtained from a contributor's own testimonial edit screen, making the exploitation path straightforward for attackers who already have Contributor or higher privileges. Consequently, sites with exposed Contributor roles are at low to moderate risk of data integrity compromise."}}}}, "created": "2026-01-05T10:19:49.397152+00:00", "updated": "2026-04-20T21:30:18.568106+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress", "wpchill", "wpchill$PRODUCT$strong_testimonials"]}