HTML Content Injection Vulnerability in Ultimate FAQs Plugin for WordPress
CVE-2019-17233

6.1MEDIUM

Key Information:

Vendor
Wordpress
Status
Ultimate Faq
Vendor
CVE Published:
7 October 2019

Summary

The Ultimate FAQs Plugin for WordPress, specifically in the functions/EWD_UFAQ_Import.php file, has a vulnerability that allows attackers to inject malicious HTML content. This issue exists in versions up to 1.8.24, potentially enabling unauthorized users to manipulate content on affected websites, leading to possible security breaches and a compromise of user data.

References

https://wordpress.org/plugins/ultimate-faqs/#developers
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/9883
x_refsource_MISC
https://blog.nintechnet.com/unauthenticated-options-impor...
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.