CVE-2025-67556

Vulnerability

Overview

CVE-2025-67556 is a Stored Cross-Site Scripting (XSS) vulnerability in the ThemeHigh Advanced FAQ Manager plugin for WordPress, affecting versions from n/a through 1.5.2. The root cause is improper neutralization of user-supplied input during web page generation, allowing FAQ content to be stored with unsanitized HTML or JavaScript [1].

Exploitation

To exploit this vulnerability, an attacker must have a role with sufficient privileges to create or edit FAQ entries (e.g., administrator or editor). The injected script is stored in the database and executed when any user, including site visitors, views the affected FAQ page. User interaction is required for the initial injection, but the stored payload triggers automatically on page load [1].

Impact

Successful exploitation enables an attacker to inject arbitrary scripts, such as redirects, advertisements, or other HTML payloads, into the website. These scripts execute in the context of the victim's browser, potentially leading to session hijacking, defacement, or phishing attacks against site visitors [1].

Mitigation

The vendor has released version 1.5.3, which fixes the vulnerability. Users are strongly advised to update immediately. For Patchstack users, auto-updates can be enabled for vulnerable plugins. If updating is not possible, consult a hosting provider or web developer or hosting provider for temporary workarounds [1].