Accordion & FAQ < 1.9.9 – Reflected XSS | CVE 2023-1891 | Plugin Vulnerabilities

Description

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

Proof of Concept

Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet

https://example.com/wp-admin/edit-tags.php?taxonomy=helpie_faq_group&post_type=helpie_faq&"><script>alert(/XSS/)</script>

Affects Plugins

Fixed in 1.9.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

4e5d993f-cc20-4b5f-b4c8-c13004151828

Timeline

Publicly Published

2023-06-05 (about 11 months ago)

Added

2023-06-05 (about 11 months ago)

Last Updated

2023-06-05 (about 11 months ago)

Other

Published

Title

Published

2016-04-12

Title

Hero Maps Pro <= 2.1.0 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2014-08-01

Title

podPress 8.8.10.13 - players/1pixelout/1pixelout_player.swf playerID Parameter XSS

Published

2019-09-28

Title

Visualizer < 3.3.1 - Stored Cross-Site Scripting (XSS)

Published

2024-03-15

Title

The Moneytizer < 9.6.1 - Authenticated (Contributor+) Stored Cross-Site Scripting

Published

2022-08-29

Title

Zephyr Project Manager < 3.2.5 - Unauthorised REST Calls to Stored XSS