Stored Cross-Site Scripting Vulnerability in Easy FAQs by Gold Plugins
CVE-2025-23795

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Faqs
Vendor: CVE Published:; 16 January 2025

Summary

The Easy FAQs plugin by Gold Plugins is vulnerable to a Stored Cross-Site Scripting (XSS) attack due to improper handling of input during web page generation. This flaw allows attackers to inject malicious scripts, which can be executed in the context of users visiting the affected web pages. The vulnerability affects versions up to 3.2.1, potentially compromising the integrity of personal data and leading to unauthorized actions on behalf of legitimate users.

Affected Version(s)

Easy FAQs <= 3.2.1

References

https://patchstack.com/database/wordpress/plugin/easy-faq...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)