Full title: WordPress IndiaNIC FAQs Manager Plugin 1.0 - Multiple Vulnerabilities 
Category: web applications
Platform: php
IndiaNIC FAQ Settings Page is vulnerable for CSRF.
 The Ask Question area (front-end) is vulnerable for XSS. It is possible to insert <script>alert(1)</script> in question parameter.
 The Captcha value can be read from captcha parameter (hidden field)

# 0day.today @ http://0day.today/