CVE-2025-52759
Deferred Deferred - Pending Action
Improper Neutralization of Input During Web Page Generation in Accordion FAQ

Publication date: 2026-06-02

Last updated on: 2026-06-02

Assigner: Patchstack

Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-02
Last Modified
2026-06-02
Generated
2026-06-22
AI Q&A
2026-06-02
EPSS Evaluated
2026-06-21
NVD
CVE-2025-52759
EUVD
EUVD-2025-210033
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pressapps accordion_faq to 2.2.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-52759 is a Cross Site Scripting (XSS) vulnerability in the WordPress Accordion FAQ Plugin (versions up to and including 2.2.1). It occurs due to improper neutralization of input during web page generation, allowing attackers to inject malicious scripts into the website.

Exploitation requires a privileged user to perform an action such as clicking a malicious link or submitting a form, which then allows the attacker to execute scripts like redirects or advertisements on the affected site.

Impact Analysis

This vulnerability can be moderately dangerous with a CVSS score of 7.1 and could be exploited in mass campaigns targeting thousands of websites.

Successful exploitation can lead to attackers injecting malicious scripts that may redirect users, display unwanted advertisements, or perform other harmful actions on the affected website.

Because exploitation requires user interaction by a privileged user, it can compromise the integrity and trustworthiness of the website, potentially damaging reputation and user trust.

Detection Guidance

This vulnerability is a Reflected Cross-site Scripting (XSS) issue in the WordPress Accordion FAQ Plugin up to version 2.2.1. Detection typically involves monitoring for suspicious input or script injection attempts in web requests related to the plugin.

While no specific commands are provided in the available resources, common detection methods include using web application firewalls (WAFs) with rules to detect XSS payloads, inspecting HTTP request logs for suspicious parameters, or using security scanners that test for reflected XSS vulnerabilities.

Administrators can also look for unusual user actions such as clicks on suspicious links or form submissions that could trigger the vulnerability.

Mitigation Strategies

Immediate mitigation steps include applying the mitigation rule issued by Patchstack to block attacks targeting this vulnerability until an official patch is released.

Users are advised to update the Accordion FAQ plugin to a version beyond 2.2.1 once a patch becomes available.

If updating is not possible immediately, seek assistance from your hosting provider or web developer to implement temporary protections such as web application firewall rules or input sanitization.

Compliance Impact

The provided information does not specify how the CVE-2025-52759 vulnerability impacts compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-52759. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart