WordPress Plugin Vulnerabilities

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

Description

The HTML code generated by the FAQ shortcode does not sanitise the Display_FAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used.

Proof of Concept

Affects Plugins

Plugin icon
ultimate-faqs
Fixed in 1.8.30

References

CVE
CVE-2020-7107
URL
https://plugins.trac.wordpress.org/changeset/2222959

Classification

Type
XSS
OWASP top 10
A7: Cross-Site Scripting (XSS)
CWE
CWE-79
CVSS
6.1 (medium)

Miscellaneous

Original Researcher
Ryan Knell
Verified
Yes
WPVDB ID
5e1cefd5-5369-44bd-aef7-2a382c8d8e33

Timeline

Publicly Published
2020-01-06 (about 6 years ago)
Added
2020-01-07 (about 6 years ago)
Last Updated
2020-09-22 (about 5 years ago)

Other

Published
Title
Published
2025-05-19
Title
Ultimate Blocks < 3.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-07-10
Title
FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel < 2.4.32 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting
Published
2023-06-26
Title
Optin Forms < 1.3.3 - Admin+ Stored XSS
Published
2025-10-10
Title
WP Easy Toggles <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
Published
2025-12-11
Title
Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting