CVE-2019-17233
MEDIUM EXPLOITED IN THE WILD NUCLEIEtoilewebdesign Ultimate Faq < 1.8.24 - XSS
Title source: ruleDescription
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
Nuclei Templates (1)
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
MEDIUMVERIFIEDby daffainfo
Scores
CVSS v3
6.1
EPSS
0.0110
EPSS Percentile
78.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Details
VulnCheck KEV
2022-12-30
InTheWild.io
2023-01-02
CWE
CWE-79
Status
published
Products (1)
etoilewebdesign/ultimate_faq
< 1.8.24
Published
Oct 07, 2019
Tracked Since
Feb 18, 2026