CVE-2019-17232
Published 2019-10-07
CVE-2019-17232: Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
Priority: P2 (78) · Severity: high · CVSS 3.1 base score: 7.5
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploited in the wild (listed in VulnCheck KEV)
EPSS: 3.52% (87.8th percentile)
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| etoilewebdesign | ultimate_faq | <= 1.8.24 | — |
Detection & IOCs (extracted from sources)
URL: /wp-admin/admin.php?page=EWD-UFAQ-Options&DisplayPage=ImportPosts&Action=EWD_UFAQ_ImportFaqsFromSpreadsheet
- Detect unauthenticated POST to the import endpoint by checking for the Action=EWD_UFAQ_ImportFaqsFromSpreadsheet parameter with no authenticated session cookie; a 302 redirect that does NOT contain 'reauth=1' in the Location header indicates successful unauthenticated import.
- The exploit uses a multipart/form-data POST with boundary '----WebKitFormBoundary34ZHf69LbDjZlcL5' and field name 'FAQs_Spreadsheet' uploading a CSV file; monitor for unauthenticated multipart uploads to wp-admin/admin.php targeting this action.
- Use Shodan/FOFA/PublicWWW fingerprinting queries to identify exposed WordPress instances running the vulnerable ultimate-faqs plugin.
- The vulnerability affects ultimate-faqs plugin versions up to and including 1.8.24; version 1.8.25 and later are patched.
- The Nuclei template requires two sequential HTTP requests (flow: http(1) && http(2)): the first import POST must not redirect to reauth=1 before the export GET is attempted to confirm exploitation.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| NVD | 2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
| VulnCheck | — | 7.5 | HIGH | — |
GHSA
GHSA-w6r2-564w-p6vf: Functions/EWD_UFAQ_Import
Source: GHSA (unreviewed) · 2022-05-24 · Severity: HIGH · CWE-20
VulnCheck
etoilewebdesign ultimate_faq Missing Authentication for Critical Function
Source: VulnCheck · 2019 · Severity: HIGH · CVSS 7.5
Affected: etoilewebdesign ultimate_faq
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://news.drweb.com/show/?i=14646&lng=en&c=23
No detection rules found.
Nuclei
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
Source: Nuclei · Severity: HIGH · CVSS 7.5
Template:

```yaml
id: CVE-2019-17232

info:
  name: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export
  author: daffainfo
  severity: high
  description: |
    Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
  impact: |
    Unauthenticated attackers can import arbitrary FAQs and configuration through CSV upload, potentially injecting malicious content or extracting existing FAQ data from the WordPress site.
  remediation: |
    Update the Ultimate FAQs plugin to version 1.8.25 or later.
  reference:
    - https://blog.n
```
No writeups or analysis indexed.
References
- https://blog.nintechnet.com/unauthenticated-options-import-vulnerability-in-wordpress-ultimate-faq-plugin/
- https://wordpress.org/plugins/ultimate-faqs/#developers
- https://wpvulndb.com/vulnerabilities/9883