CVE-2019-17232

HIGH EXPLOITED IN THE WILD NUCLEI

Etoilewebdesign Ultimate Faq < 1.8.24 - Missing Authentication

Title source: rule

Description

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.

Nuclei Templates (1)

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
HIGHVERIFIEDby daffainfo
Shodan: http.html:"/wp-content/plugins/ultimate-faqs"
FOFA: body="/wp-content/plugins/ultimate-faqs"

References (3)

Scores

CVSS v3 7.5
EPSS 0.0919
EPSS Percentile 92.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2022-12-30
InTheWild.io 2023-01-02
CWE
CWE-306
Status published
Products (1)
etoilewebdesign/ultimate_faq < 1.8.24
Published Oct 07, 2019
Tracked Since Feb 18, 2026