CVE-2022-1395 Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting

2022-05-3008:35:45

CWE-79

WPScan

www.cve.org

0.001 Low

EPSS

Percentile

25.0%

JSON

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is disallowed

CNA Affected

[
  {
    "product": "Easy FAQ with Expanding Text",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThanOrEqual": "3.2.8.3.1",
        "status": "affected",
        "version": "3.2.8.3.1",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/e5c06b38-fab8-44af-84dc-df94eb72ce80

0.001 Low

EPSS

Percentile

25.0%

JSON

Related for CVELIST:CVE-2022-1395