{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8686", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-06T21:16:09.366Z", "datePublished": "2025-09-11T07:24:50.705Z", "dateUpdated": "2026-04-08T16:44:07.751Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:44:07.751Z"}, "affected": [{"vendor": "wen-solutions", "product": "WP Easy FAQs", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "title": "WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3c2f4b-389e-4dec-bb18-b63cfa053947?source=cve"}, {"url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/includes/class-wp-easy-faqs-shortcode.php"}, {"url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/admin/class-wp-easy-faqs-admin.php"}, {"url": "https://wordpress.org/plugins/wp-easy-faqs/#developers"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "cweId": "CWE-79", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "baseScore": 6.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "timeline": [{"time": "2025-09-10T18:44:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T14:10:25.541694Z", "id": "CVE-2025-8686", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:41:18.254Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8686", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T14:10:25.541694Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:10:28.985Z"}}], "cna": {"title": "WP Easy FAQs <= 1.0.5 - Authenticated (Author+) Stored Cross-Site Scripting via WP_EASY_FAQ Shortcode", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Yudha - DJ"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "wen-solutions", "product": "WP Easy FAQs", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-10T18:44:38.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3c2f4b-389e-4dec-bb18-b63cfa053947?source=cve"}, {"url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/includes/class-wp-easy-faqs-shortcode.php"}, {"url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/admin/class-wp-easy-faqs-admin.php"}, {"url": "https://wordpress.org/plugins/wp-easy-faqs/#developers"}], "descriptions": [{"lang": "en", "value": "The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-11T07:24:50.705Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8686", "state": "PUBLISHED", "dateUpdated": "2025-09-11T14:41:18.254Z", "dateReserved": "2025-08-06T21:16:09.366Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-11T07:24:50.705Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Easy FAQs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's WP_EASY_FAQ shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page."}], "id": "CVE-2025-8686", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-11T08:15:35.227", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/admin/class-wp-easy-faqs-admin.php"}, {"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/wp-easy-faqs/tags/1.0.5/includes/class-wp-easy-faqs-shortcode.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/wp-easy-faqs/#developers"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/2d3c2f4b-389e-4dec-bb18-b63cfa053947?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T16:54:42.305759+00:00", "value": {"mitigation_remediation": ["Upgrade the WP Easy FAQs plugin to the latest available version (1.0.6 or newer) as soon as possible.", "If an upgrade cannot be performed immediately, consider disabling the WP_EASY_FAQ shortcode completely or restricting its use to trusted roles through plugin settings or a role\u2011management plugin.", "Audit existing pages, posts, or content that may have the shortcode and manually remove or sanitize any injected scripts.", "Implement proper input validation and output escaping for shortcode attributes, addressing CWE\u201179."], "summary": {"action": "Apply Patch", "impact": "Stored Cross\u2011Site Scripting (authenticated author+ users)"}, "threat_synthesis": {"affected_systems": "Any WordPress installation using the wen\u2011solutions WP Easy FAQs plugin up to and including version 1.0.5 is affected. The vulnerability exists in all prior releases as well.", "description_and_impact": "The WP Easy FAQs plugin is vulnerable to a stored cross\u2011site scripting flaw triggered through the WP_EASY_FAQ shortcode. The plugin fails to sanitize or escape user\u2011supplied attributes, allowing an attacker with author\u2011level or higher access to embed arbitrary JavaScript. When the affected page is viewed, the malicious script runs in the victim\u2019s browser.", "risk_and_exploitability": "The CVSS score of 6.4 rates this vulnerability as moderate severity. However, the EPSS score is below 1\u202f%, indicating a low likelihood of exploitation at this time. It is not listed in the CISA KEV catalog. The attack vector requires an authenticated user with author privileges to insert a page containing the malicious shortcode. Once injected, the script executes for all users who view that page."}}}}, "created": "2025-09-12T08:03:03.398545+00:00", "updated": "2026-04-22T17:00:12.331033+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}