Strong Testimonials WordPress Plugin Missing Authorization Vulnerability in Rating Meta Update
Vulnerability
A vulnerability exists in the Strong Testimonials plugin for WordPress that allows unauthorized data modification. The issue stems from a missing capability check in the plugin's 'edit_rating' function and affects all versions up to and including 3.2.18. It enables authenticated attackers with Contributor-level access or higher to alter or delete rating metadata on any testimonial post, including posts authored by other users. Exploitation involves reusing a valid nonce obtained from the user's own testimonial edit screen; the nonce proves the request originated from a logged-in session but does not establish that the user is permitted to edit the targeted post.
Impact
Exploitation of this vulnerability allows unauthorized modification or deletion of rating metadata on testimonial posts, undermining the integrity of user-generated content.
Reproduction
To reproduce this vulnerability, an authenticated user with Contributor-level access or higher can edit a testimonial post. While in the post editor, the user can obtain a nonce for the 'edit_rating' field. This nonce can be reused to send an AJAX request that modifies or deletes the rating meta on any testimonial post, including those created by other users.
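The bug class described above, shown as an added illustration in a hypothetical WordPress AJAX handler (this is not the Strong Testimonials plugin's code; the action name, nonce action, meta key and post type are all assumed). The vulnerable form verifies only the nonce, so any valid nonce from the caller's own edit screen suffices for any post ID; the hardened form binds the nonce to the target post and requires the 'edit_post' capability for that post, which WordPress maps to 'edit_others_posts' when the caller is not the author, so a Contributor is refused on another user's testimonial.

```php
<?php
// Hypothetical handler illustrating the missing-authorization bug class.
// Not the plugin's own code; names below are assumptions for this example.

// BEFORE: check_ajax_referer() only proves the request carries a nonce issued
// to some logged-in user. It never asks whether that user may edit $post_id.
function example_edit_rating_vulnerable() {
    check_ajax_referer( 'example_edit_rating', 'nonce' );      // CSRF check only
    $post_id = (int) $_POST['post_id'];                         // caller-controlled
    $rating  = (int) $_POST['rating'];
    update_post_meta( $post_id, '_example_rating', $rating );   // any post, any author
    wp_send_json_success();
}

// AFTER: validate the target, bind the nonce to that specific post, and enforce
// a per-post capability check before touching its metadata.
function example_edit_rating_fixed() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || get_post_type( $post_id ) !== 'example_testimonial' ) {
        wp_send_json_error( 'invalid post', 400 );
    }
    // The edit screen must generate its nonce with the same per-post action:
    // wp_create_nonce( 'example_edit_rating_' . $post_id )
    check_ajax_referer( 'example_edit_rating_' . $post_id, 'nonce' );
    // Authorization: edit_post is a meta capability resolved per post, so a
    // Contributor passes only for their own (non-published) posts.
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    $rating = isset( $_POST['rating'] ) ? absint( $_POST['rating'] ) : 0;
    if ( $rating < 1 || $rating > 5 ) {
        wp_send_json_error( 'rating out of range', 400 );
    }
    update_post_meta( $post_id, '_example_rating', $rating );
    wp_send_json_success( array( 'post_id' => $post_id, 'rating' => $rating ) );
}
add_action( 'wp_ajax_example_edit_rating', 'example_edit_rating_fixed' );
```

A nonce is a CSRF token, not an authorization decision; every write handler needs its own capability check against the object it modifies.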
Remediation
Users are advised to update the Strong Testimonials plugin to version 3.2.19 or a newer patched version.
