CVE-2019-17233
Published 2019-10-07
CVE-2019-17233: Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
Priority: P279 · medium · 6.1 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
ITW exploit: VulnCheck KEV (exploited in the wild)
EPSS: 1.84% (76.4th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| etoilewebdesign | ultimate_faq | <= 1.8.24 | — |
Detection & IOCs (extracted from sources)
URL: /?ufaq={{question}}
- An HTTP 302 whose Location header contains reauth=1 is WordPress's login re-authentication redirect; the Nuclei template uses it as an internal matcher on the unauthenticated import request before running the reflection check.
- Injection is confirmed when the injected string is reflected in the HTTP 200 response body returned by /?ufaq={{question}}.
- Affects ultimate-faqs versions through 1.8.24; this page lists no fixed version, so treat later releases as unverified rather than confirmed patched.
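The two-step check above (a redirect on the import request, then a reflection on the FAQ page) is easy to model offline. The block below is an added example, not the Nuclei template and not code from the plugin or its vendor: it assumes a constructed Response stand-in, a hypothetical tag-bearing canary, and a fabricated sample exchange. It goes one step beyond the template's word matcher by distinguishing a raw reflection (real HTML injection) from an HTML-escaped one, which a plain alphanumeric canary cannot tell apart.

```python
"""Offline model of the CVE-2019-17233 two-request check (added example, not the Nuclei template)."""
from dataclasses import dataclass, field
from html import escape

# Hypothetical canary: it carries a tag so that raw reflection can be told apart from escaped reflection.
CANARY = "<b>ufaqprobe7b1c</b>"  # constructed marker; any unique value with markup works


@dataclass
class Response:
    """Minimal stand-in for an HTTP response (constructed for this example)."""
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

    def header(self, name):
        # Case-insensitive header lookup, returning "" when the header is absent.
        for key, value in self.headers.items():
            if key.lower() == name.lower():
                return value
        return ""


def import_was_accepted(resp):
    """Step 1: the anonymous import request is answered with WordPress's re-authentication
    redirect (302, Location containing reauth=1). A 401/403 here means the endpoint is guarded."""
    return resp.status == 302 and "reauth=1" in resp.header("Location")


def classify_reflection(resp, canary=CANARY):
    """Step 2: decide how the injected question text comes back on /?ufaq=<question>.
    'injected' = raw markup reflected, 'escaped' = reflected but neutralised, 'absent' = not found."""
    if resp.status != 200:
        return "absent"
    if canary in resp.body:
        return "injected"
    if escape(canary, quote=False) in resp.body:
        return "escaped"
    return "absent"


def assess(import_resp, render_resp):
    """Combine both steps the way the template does, but report why a host is or is not flagged."""
    if not import_was_accepted(import_resp):
        return {"vulnerable": False, "reason": "import request not processed (no reauth redirect)"}
    verdict = classify_reflection(render_resp)
    return {"vulnerable": verdict == "injected", "reason": f"canary {verdict} in FAQ page"}


# Constructed sample exchange: an unpatched site redirects the anonymous POST to wp-login.php
# and later renders the imported question unescaped; the other two responses model the negatives.
IMPORT_REDIRECT = Response(302, {"Location": "https://example.test/wp-login.php?redirect_to=%2Fwp-admin%2F&reauth=1"})
RENDERED_RAW = Response(200, body='<div class="faq">' + CANARY + "</div>")
RENDERED_ESCAPED = Response(200, body='<div class="faq">' + escape(CANARY, quote=False) + "</div>")
GUARDED = Response(403, body="Forbidden")

if __name__ == "__main__":
    print(assess(IMPORT_REDIRECT, RENDERED_RAW))      # flagged: raw markup came back
    print(assess(IMPORT_REDIRECT, RENDERED_ESCAPED))  # not flagged: output was escaped
    print(assess(GUARDED, RENDERED_RAW))              # not flagged: import never ran
```

When wiring this to a live scanner, feed `assess` the real responses from the import POST and the follow-up GET; the `escaped` verdict is the one worth logging separately, since it usually means the site was updated to a release that neutralises the field rather than one that blocks the import.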
CVSS provenance
- NVD v3.1: 6.1 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- NVD v2.0: 4.3 MEDIUM, AV:N/AC:M/Au:N/C:N/I:P/A:N
- VulnCheck: 6.1 MEDIUM
GHSA
GHSA-5r74-p252-mh8w (unreviewed, 2022-05-24) [MEDIUM]
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
VulnCheck
etoilewebdesign ultimate_faq: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (2019, CVSS 6.1, MEDIUM)
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
Affected: etoilewebdesign ultimate_faq
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://news.drweb.com/show/?i=14646&lng=en&c=23
- https://app.crowdsec.net/cti/cve-explorer/CVE-2019-17233
No detection rules found.
Nuclei
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection (nuclei, CVSS 6.1, MEDIUM)
Template excerpt (the page cuts in at the tail of the first raw request's multipart CSV body, which carries the injected question; the second request renders it):

```yaml
        WordPress Ultimate FAQs {{string}}","","","2025-09-17 17:16:33"
        ------WebKitFormBoundary34ZHf69LbDjZlcL5--

    matchers:
      - type: dsl
        dsl:
          - status_code == 302
          - contains(location, 'reauth=1')
        condition: and
        internal: true

  - raw:
      - |
        GET /?ufaq={{question}} HTTP/1.1
        Host: {{Hostname}}

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "{{string}}"

      - type: status
        status:
          - 200
# digest: 4a0a004730450221008478881e5ef4cb7ecda0eb5cfce2a6004dea98ec3cc8f647b999047704eb31d502202c9c78e9b93757a8f31773e166c365e6b7e8765ddcdc1dbea9286a1433f01fea:922c64590222798bb761d5b6d8e72950
```
No writeups or analysis indexed.
References
- https://blog.nintechnet.com/unauthenticated-options-import-vulnerability-in-wordpress-ultimate-faq-plugin/
- https://wordpress.org/plugins/ultimate-faqs/#developers
- https://wpvulndb.com/vulnerabilities/9883