The vulnerability identified as CVE-2026-24957 affects the Strong Testimonials plugin by WP Chill. It is caused by missing authorization checks, which leads to incorrectly configured access control security levels. This allows users with low privileges to potentially access or interact with parts of the plugin that should require higher authorization. The issue affects all versions up to and including 3.2.20. The CVSS 3.1 base score is 6.5, with network attack vector, low attack complexity, requiring privileges, no user interaction, unchanged scope, high confidentiality impact, and no integrity or availability impact.

An attacker with low privileges on a WordPress site using the affected Strong Testimonials plugin could exploit this vulnerability to gain unauthorized access to sensitive information or functionality within the plugin. The confidentiality of data can be compromised, but integrity and availability are not impacted. There are no known active exploits in the wild at this time.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, restrict user privileges to trusted users only and monitor for suspicious activity related to the Strong Testimonials plugin. Avoid granting unnecessary privileges that could be leveraged to exploit this vulnerability.