The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
References
Link | Resource |
---|---|
https://plugins.trac.wordpress.org/changeset/2222959/ultimate-faqs/tags/1.8.30/Shortcodes/DisplayFAQs.php | Patch Third Party Advisory |
https://wordpress.org/plugins/ultimate-faqs/#developers | Third Party Advisory |
https://wpvulndb.com/vulnerabilities/10006 | Third Party Advisory |
Configurations
History
No history.
Information
Published : 2020-01-16 05:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-7107
Mitre link : CVE-2020-7107
CVE.ORG link : CVE-2020-7107
JSON object : View
Products Affected
etoilewebdesign
- ultimate_faq
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')