Stored Cross-Site Scripting Vulnerability in Easy FAQs by Gold Plugins
CVE-2025-23795

6.5MEDIUM

Key Information:

Vendor
WordPress
Status
Vendor
CVE Published:
16 January 2025

Summary

The Easy FAQs plugin by Gold Plugins is vulnerable to a Stored Cross-Site Scripting (XSS) attack due to improper handling of input during web page generation. This flaw allows attackers to inject malicious scripts, which can be executed in the context of users visiting the affected web pages. The vulnerability affects versions up to 3.2.1, potentially compromising the integrity of personal data and leading to unauthorized actions on behalf of legitimate users.

Affected Version(s)

Easy FAQs <= 3.2.1

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SOPROBRO (Patchstack Alliance)
.