PT-2022-13855 · WordPress · The Easy Faq With Expanding Text

Krishna Harsha Kondaveeti, +1

Published 2022-05-30 · Updated 2022-06-08

CVE-2022-1395

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: The Easy FAQ with Expanding Text WordPress plugin, versions 3.2.8.3.1 and earlier

Description: The plugin does not sanitise or escape its settings, which allows high-privilege users to perform Cross-Site Scripting attacks even when unfiltered HTML is disallowed.

Recommendations: For versions 3.2.8.3.1 and earlier, update to a version that properly sanitises and escapes settings to prevent Cross-Site Scripting attacks. As a temporary workaround, consider restricting access to the plugin's settings to minimize the risk of exploitation.

XSS

Weakness Enumeration

Related Identifiers: CVE-2022-1395

Affected Products: The Easy Faq With Expanding Text