CVE-2023-1891: Accordion & FAQ < 1.9.9 - Reflected XSS

0.0 CVSS

Description

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

Classification

CVE ID: CVE-2023-1891

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: Unknown

Product: Accordion & FAQ

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.07% (probability of being exploited)

EPSS Percentile: 34.0% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://wpscan.com/vulnerability/4e5d993f-cc20-4b5f-b4c8-c13004151828

Timeline

2024-11-28 00:10:50 UTC
CVE

Accordion & FAQ < 1.9.9 - Reflected XSS