Accordion & FAQ < 1.9.9 – Reflected XSS | CVE 2023-1891 | Plugin Vulnerabilities

Description

The plugin does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

Proof of Concept

Make a logged-in admin open one of the URLs below when the feature notice has not been dismissed yet

https://example.com/wp-admin/edit-tags.php?taxonomy=helpie_faq_group&post_type=helpie_faq&"><script>alert(/XSS/)</script>

Affects Plugins

Fixed in 1.9.9

References

CVE

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Erwan LR (WPScan)

Verified

Yes

WPVDB ID

4e5d993f-cc20-4b5f-b4c8-c13004151828

Timeline

Publicly Published

2023-06-05 (about 2 years ago)

Added

2023-06-05 (about 2 years ago)

Last Updated

2023-06-05 (about 2 years ago)

Other

Published

Title

Published

2024-03-18

Title

SendPress Newsletters <= 1.23.11.6 - Admin+ Stored XSS via Settings

Published

2021-12-27

Title

Orders Tracking for WooCommerce < 1.1.10 - Reflected Cross-Site Scripting

Published

2021-08-25

Title

Responsive Poll < 1.5.9 - Reflected Cross-Site Scripting

Published

2024-09-13

Title

Waitlist Woocommerce ( Back in stock notifier ) < 2.7.6 - Reflected Cross-Site Scripting

Published

2024-03-07

Title

Premium Addons PRO < 2.9.13 - Authenticated (Contributor+) Stored Cross-Site Scripting via Global Badge Module