Source: wpvulndb
Author: Vinay Varma Mudunuri
WPVDB-ID: E5C06B38-FAB8-44AF-84DC-DF94EB72CE80
History: May 10, 2022 - 12:00 a.m.

Easy FAQ with Expanding Text <= 3.2.8.3.1 - Admin+ Stored Cross-Site Scripting

2022-05-10 00:00:00
Vinay Varma Mudunuri
wpscan.com

EPSS: 0.001 (Low)
EPSS Percentile: 25.0%

The plugin does not sanitise and escape its settings, allowing high-privilege users to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup).

PoC

Put the following payload in any of the plugin’s settings (such as Font size, Font Color) and save: ">
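As an added example (not the plugin's own code and not part of the advisory), the following shows how a WordPress plugin closes this class of issue: each setting is validated in a register_setting() sanitize_callback so that only a numeric size or a hex colour can ever be stored, independent of the saving user's capabilities, and the stored value is escaped with esc_attr() at the point where it is printed into an attribute. The option names and the efet_ prefix are hypothetical.

```php
<?php
// Added example, not the plugin's code. Option names (efet_font_size,
// efet_font_color) and the option group 'efet_options' are assumptions.

add_action( 'admin_init', 'efet_register_settings' );

function efet_register_settings() {
    // sanitize_callback runs on every save of the option, for every user,
    // so the unfiltered_html capability plays no role in what gets stored.
    register_setting( 'efet_options', 'efet_font_size', array(
        'type'              => 'integer',
        'sanitize_callback' => 'efet_sanitize_font_size',
        'default'           => 16,
    ) );
    register_setting( 'efet_options', 'efet_font_color', array(
        'type'              => 'string',
        'sanitize_callback' => 'efet_sanitize_font_color',
        'default'           => '#000000',
    ) );
}

// Font size: a whole number of pixels inside a sane range; anything else
// (including markup) falls back to the default instead of being stored.
function efet_sanitize_font_size( $value ) {
    $size = absint( $value );
    return ( $size >= 8 && $size <= 72 ) ? $size : 16;
}

// Font colour: strict #rgb or #rrggbb only. A value that breaks out of the
// attribute, such as one containing a quote or angle bracket, is rejected.
function efet_sanitize_font_color( $value ) {
    $value = trim( (string) $value );
    return preg_match( '/\A#(?:[0-9a-fA-F]{3}){1,2}\z/', $value ) ? $value : '#000000';
}

// Output: re-validate on read (the option may predate the callback) and
// escape for the attribute context the value is printed into.
function efet_question_style_attr() {
    $size  = efet_sanitize_font_size( get_option( 'efet_font_size', 16 ) );
    $color = efet_sanitize_font_color( get_option( 'efet_font_color', '#000000' ) );
    return 'style="' . esc_attr( sprintf( 'font-size:%dpx;color:%s', $size, $color ) ) . '"';
}
```

Re-validating on read matters for installs that saved settings before the sanitize callback existed, since those stored values are otherwise trusted as-is.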

CPE
Name                          Operator  Version
easy-faq-with-expanding-text  eq        *

