The HTML code generated by the FAQ shortcode does not sanitise the Display_FAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used.
Append the following payload on a page where a FAQ is embedded: ?Display_FAQ=
CPE | Name | Operator | Version |
---|---|---|---|
ultimate-faqs | lt | 1.8.30 |