HTML5 Responsive FAQ <= 2.8.5 – Admin+ Stored Cross-Site Scripting | CVE 2021-24995 | Plugin Vulnerabilities

Description

The plugin does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed

Proof of Concept

Put the following payload in the "Text size of answer (in pixels)" settings: </style><script>alert('XSS');</script>

The XSS will be triggered in the footer of all frontend pages

Affects Plugins

html5-responsive-faq

No known fix

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

José Aguilera

Submitter

José Aguilera

Submitter website

https://jsgm.dev

Verified

Yes

WPVDB ID

3caf0de0-57f2-4c87-8713-d00a7db9eeef

Timeline

Publicly Published

2021-11-23 (about 4 years ago)

Added

2022-02-15 (about 3 years ago)

Last Updated

2022-04-08 (about 3 years ago)

Other

Published

Title

Published

2024-05-07

Title

3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin < 3.72 - Authenticated (Author+) Stored Cross-Site Scripting

Published

2025-01-07

Title

Biltorvet Dealer Tools <= 1.0.22 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2023-04-19

Title

Uji Popup <= 1.4.3 - Contributor+ Stored XSS

Published

2024-05-21

Title

LuckyWP Table of Contents < 2.1.5 - Contributor+ Stored XSS

Published

2025-10-03

Title

Fusion Builder < 3.13.3 - Authenticated (Contributor+) Stored Cross-Site Scripting