What the vulnerability does
01Description
Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Strong Testimonials: from n/a through <= 3.2.20.
Explanation of Vulnerability in Simple Terms
02Summary
Strong Testimonials through version 3.2.20 does not properly check user permissions before allowing access to sensitive data. A logged-in user with low privileges can read information they should not have access to. The vulnerability requires a valid user account but no special interaction from the victim.
What an attacker can do
03Attacker Capabilities
Read sensitive data they should not have access to as a low-privilege user.
Potential impact on your site
04Site Impact
User data may be exposed to low-privilege accounts; review access logs and user roles.
Conditions required to exploit
05Prerequisites
Attacker must have a valid user account with low privileges on the site.
Key dates
06Disclosure timeline
February 3, 2026
CVE published
April 28, 2026
Record updated