Lucene search

K

FAQ Security Vulnerabilities

cve
cve

CVE-2024-4082

The Joli FAQ SEO – WordPress FAQ Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation when saving settings. This makes it possible for unauthenticated attackers to change the...

4.3CVSS

0.0004EPSS

2024-05-14 03:42 PM
cve
cve

CVE-2024-4233

Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce, Tyche Softwares Arconix Shortcodes, Tyche Softwares Arconix FAQ.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.8.1; Arconix Shortcodes: from n/a through...

4.3CVSS

7.2AI Score

0.0004EPSS

2024-05-08 02:15 PM
27
cve
cve

CVE-2024-32136

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through...

7.6CVSS

8.2AI Score

0.0004EPSS

2024-04-15 08:15 AM
26
cve
cve

CVE-2024-2845

The BetterDocs – Best Documentation, FAQ & Knowledge Base Plugin with AI Support & Instant Answer For Elementor & Gutenberg plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.2 due to insufficient input...

6.4CVSS

6AI Score

0.0004EPSS

2024-04-09 07:15 PM
25
cve
cve

CVE-2024-1363

The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible....

6.4CVSS

6AI Score

0.0004EPSS

2024-03-13 04:15 PM
32
cve
cve

CVE-2024-2071

A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack...

3.5CVSS

6.7AI Score

0.0004EPSS

2024-03-01 05:15 PM
41
cve
cve

CVE-2024-2070

A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched.....

3.5CVSS

6.7AI Score

0.0004EPSS

2024-03-01 04:15 PM
46
cve
cve

CVE-2024-2069

A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been...

6.3CVSS

8AI Score

0.0004EPSS

2024-03-01 04:15 PM
41
cve
cve

CVE-2023-3535

A vulnerability was found in SimplePHPscripts FAQ Script PHP 2.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /preview.php of the component URL Parameter Handler. The manipulation leads to cross site scripting. The attack can be...

6.1CVSS

6.1AI Score

0.0005EPSS

2023-07-07 01:15 PM
14
cve
cve

CVE-2023-1891

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site...

6.1CVSS

6AI Score

0.0005EPSS

2023-06-27 02:15 PM
34
cve
cve

CVE-2023-0370

The WPB Advanced FAQ WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...

5.4CVSS

5.4AI Score

0.001EPSS

2023-03-20 04:15 PM
22
cve
cve

CVE-2023-22678

Cross-Site Request Forgery (CSRF) vulnerability in Rafael Dery Superior FAQ plugin <= 1.0.2...

8.8CVSS

8.8AI Score

0.001EPSS

2023-03-20 12:15 PM
16
cve
cve

CVE-2022-1395

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfiltered_html is...

4.8CVSS

4.7AI Score

0.001EPSS

2022-05-30 09:15 AM
70
5
cve
cve

CVE-2021-24995

The HTML5 Responsive FAQ WordPress plugin through 2.8.5 does not properly sanitise and escape some of its settings, which could allow a high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is...

4.8CVSS

4.7AI Score

0.001EPSS

2022-03-14 03:15 PM
58
cve
cve

CVE-2021-24867

Numerous Plugins and Themes from the AccessPress Themes (aka Access Keys) vendor are backdoored due to their website being compromised. Only plugins and themes downloaded via the vendor website are affected, and those hosted on wordpress.org are not. However, all of them were updated or removed to....

9.8CVSS

9.5AI Score

0.004EPSS

2022-02-21 11:15 AM
128
2
cve
cve

CVE-2021-24968

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ...

5.7CVSS

5.5AI Score

0.001EPSS

2022-01-24 08:15 AM
25
cve
cve

CVE-2021-24831

All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary...

7.5CVSS

7.5AI Score

0.001EPSS

2022-01-03 01:15 PM
25
cve
cve

CVE-2021-39319

The duoFAQ - Responsive, Flat, Simple FAQ WordPess plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...

6.1CVSS

6AI Score

0.001EPSS

2021-12-14 04:15 PM
18
cve
cve

CVE-2021-24576

The Easy Accordion WordPress plugin before 2.0.22 does not properly sanitize inputs when adding new items to an...

5.4CVSS

5.4AI Score

0.001EPSS

2021-10-11 11:15 AM
28
cve
cve

CVE-2021-24461

The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin...

8.8CVSS

9AI Score

0.001EPSS

2021-08-02 11:15 AM
25
3
cve
cve

CVE-2021-21438

Agents are able to see linked FAQ articles without permissions (defined in FAQ Category). This issue affects: FAQ version 6.0.29 and prior versions, OTRS version 7.0.24 and prior...

4.3CVSS

4.7AI Score

0.001EPSS

2021-03-22 09:15 AM
21
cve
cve

CVE-2013-2637

A Cross-Site Scripting (XSS) Vulnerability exists in OTRS ITSM prior to 3.2.4, 3.1.8, and 3.0.7 and FAQ prior to 2.1.4 and 2.0.8 via changes, workorder items, and FAQ articles, which could let a remote malicious user execute arbitrary...

6.1CVSS

6AI Score

0.307EPSS

2020-02-12 05:15 PM
30
cve
cve

CVE-2013-2625

An Access Bypass issue exists in OTRS Help Desk before 3.2.4, 3.1.14, and 3.0.19, OTRS ITSM before 3.2.3, 3.1.8, and 3.0.7, and FAQ before 2.2.3, 2.1.4, and 2.0.8. Access rights by the object linking mechanism is not...

6.5CVSS

6.5AI Score

0.01EPSS

2019-11-27 07:15 PM
46
cve
cve

CVE-2016-5843

Multiple SQL injection vulnerabilities in the FAQ package 2.x before 2.3.6, 4.x before 4.0.5, and 5.x before 5.0.5 in Open Ticket Request System (OTRS) allow remote attackers to execute arbitrary SQL commands via crafted search...

9.4CVSS

9.9AI Score

0.003EPSS

2016-09-17 02:59 AM
74
cve
cve

CVE-2015-4612

SQL injection vulnerability in the "FAQ - Frequently Asked Questions" (js_faq) extension before 1.2.1 for TYPO3 allows remote authenticated users to execute arbitrary SQL commands via unspecified...

8.8AI Score

0.001EPSS

2015-06-16 04:59 PM
21
cve
cve

CVE-2012-1646

Multiple cross-site scripting (XSS) vulnerabilities in the FAQ module 6.x-1.x before 6.x-1.13 and 7.x-1.x-rc1 for Drupal allow remote authenticated users to inject arbitrary web script or HTML via the (1) title parameter in faq.admin.inc or (2) detailed_question parameter in...

5.5AI Score

0.003EPSS

2012-09-25 11:55 PM
25
cve
cve

CVE-2006-6831

SQL injection vulnerability in faqDsp.asp in aFAQ 1.0 allows remote attackers to execute arbitrary SQL commands via the catcode...

9.3AI Score

0.002EPSS

2006-12-31 05:00 AM
27
cve
cve

CVE-2006-4008

PHP remote file inclusion vulnerability in index.php in Knusperleicht Faq 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the faq_path...

8.3AI Score

0.056EPSS

2006-08-07 07:04 PM
17
cve
cve

CVE-2006-0251

Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd...

6.3AI Score

0.007EPSS

2006-01-18 01:51 AM
23
cve
cve

CVE-2005-4064

Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to...

9.5AI Score

0.004EPSS

2005-12-07 11:03 AM
17
cve
cve

CVE-2005-3938

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5)...

9.4AI Score

0.013EPSS

2005-12-01 06:03 AM
22
cve
cve

CVE-2002-2011

Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.cgi) in Faq-O-Matic 2.711 and 2.712 allows remote attackers to inject arbitrary web script or HTML via the file...

5.8AI Score

0.011EPSS

2002-12-31 05:00 AM
20
cve
cve

CVE-2002-0230

Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 allows remote attackers to execute arbitrary Javascript on other clients via the cmd parameter, which causes the script to be inserted into an error...

6.8AI Score

0.016EPSS

2002-05-16 04:00 AM
32