WPVDB-ID: 5E1CEFD5-5369-44BD-AEF7-2A382C8D8E33
Published: Jan 06, 2020

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

Source: wpscan.com

The HTML generated by the plugin's FAQ shortcode echoes the Display_FAQ GET parameter without sanitising or escaping it, resulting in an unauthenticated reflected Cross-Site Scripting (XSS) vulnerability on any page where the shortcode is used.

PoC

Append the following payload to the URL of a page where a FAQ is embedded: ?Display_FAQ=
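The page does not reproduce the payload itself, so the following added Python example (not WPScan's or the plugin's code) shows how a tester would verify the issue generically: it appends a random canary wrapped in markup characters to the Display_FAQ parameter, classifies how the response echoes it (verbatim, HTML-escaped, transformed, or not at all), and encodes the advisory's affected-version range. The page URL, the response bodies and the probe shape are constructed for illustration and are assumptions, not data from the advisory.

```python
import html
import secrets
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter named in the advisory and the affected range it states (< 1.8.30).
PARAM = "Display_FAQ"
FIXED_VERSION = (1, 8, 30)


def make_canary() -> str:
    """Random marker so a hit cannot be a false positive from ordinary page text."""
    return "xsschk" + secrets.token_hex(4)


def build_probe_url(page_url: str, canary: str, param: str = PARAM) -> str:
    """Return page_url with param set to a probe containing a quote and angle brackets.

    The probe is deliberately inert (no script), so the response tells us only
    whether the characters that matter for XSS survive unescaped.
    """
    probe = f'"><{canary}>'
    parts = urlsplit(page_url)
    query = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True) if k != param]
    query.append((param, probe))
    return urlunsplit(parts._replace(query=urlencode(query)))


def classify_reflection(body: str, canary: str) -> str:
    """Classify how the response echoes the probe built around `canary`."""
    raw = f"<{canary}>"
    if raw in body:
        # Markup reached the page verbatim: the parameter is reflected unescaped.
        return "unescaped"
    if html.escape(raw) in body:
        # Output was HTML-escaped (&lt;...&gt;), which is the expected fix.
        return "escaped"
    if canary in body:
        # Present but altered, e.g. tags stripped: not exploitable as-is, still worth noting.
        return "reflected-other"
    return "not-reflected"


def is_affected(version: str) -> bool:
    """True when a dotted plugin version falls in the advisory's affected range."""
    parsed = tuple(int(x) for x in version.split("."))
    return parsed < FIXED_VERSION


def demo() -> dict:
    """Run the checks against constructed sample responses (not real plugin output)."""
    canary = "xsschkdeadbeef"  # fixed here so the sample bodies below line up with it
    url = build_probe_url("https://example.com/faq/?page_id=5", canary)
    # Constructed response fragments: an unpatched page, a patched page, and a control.
    vulnerable_body = f'<div class="faq">"><{canary}></div>'
    patched_body = f'<div class="faq">{html.escape(f"><{canary}>")}</div>'
    control_body = "<div class=\"faq\">No FAQ selected.</div>"
    return {
        "probe_url": url,
        "unpatched": classify_reflection(vulnerable_body, canary),
        "patched": classify_reflection(patched_body, canary),
        "control": classify_reflection(control_body, canary),
        "1.8.29_affected": is_affected("1.8.29"),
        "1.8.30_affected": is_affected("1.8.30"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Against a live target the tester would fetch the probe URL returned by build_probe_url and feed the response body to classify_reflection; an "unescaped" result confirms the reflection described above without needing the undisclosed payload.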

Affected software

CPE name        Operator   Version
ultimate-faqs   lt         1.8.30