Description
WordPress Plugin Beautiful FAQ for WordPress-Everest FAQ Manager Lite [only if downloaded via the vendor website] contains suspicious code. Attackers can exploit this issue to perform a variety of actions. Successful attacks will compromise the affected application and possibly the webserver or computer. WordPress Plugin Beautiful FAQ for WordPress-Everest FAQ Manager Lite version 1.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.0.9 or latest
References
Related Vulnerabilities
WordPress Plugin MDC YouTube Downloader Local File Inclusion (2.1.0)
WordPress Plugin AceIDE Local File Inclusion (2.6.2)
WordPress Plugin Form Builder Cross-Site Scripting (1.2.0)
WordPress Plugin Powerplay Gallery 'upload.php' Arbitrary File Upload (3.2)
Internet Information Services Improper Input Validation Vulnerability (CVE-2009-4445)