Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitWpvulndbWPEX-ID:5E1CEFD5-5369-44BD-AEF7-2A382C8D8E33
HistoryJan 06, 2020 - 12:00 a.m.

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

2020-01-0600:00:00
wpvulndb
7
JSON

The HTML code generated by the FAQ shortcode does not sanitise the Display_FAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used.

Append the following payload on a page where a FAQ is embedded: ?Display_FAQ=</script><svg/onload=alert(/XSS/)>

Related

wpvulndb 1
cve 1
prion 1
nuclei 1
wpvulndb
wpvulndb
Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS
2020-01-06 00:00:00
cve
cve
CVE-2020-7107
2020-01-16 05:15:00
prion
prion
Design/Logic Flaw
2020-01-16 05:15:00
nuclei
nuclei
WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting
2023-03-18 22:07:09
JSON
Related for WPEX-ID:5E1CEFD5-5369-44BD-AEF7-2A382C8D8E33
wpvulndb1cve1prion1nuclei1