CVE-2026-25346

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

CVE-2026-25346 WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Plugin FAQ Builder AYS versions = 1.8.2...

EUVD-2024-34024

Malicious code in bioql PyPI...

CVE-2025-24722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through = 1.7.3...

CVE-2025-24722

CVE-2025-24722 is a Stored XSS in the WordPress plugin FAQ Builder AYS (WordPress FAQ Builder AYS) affecting versions from 0? through 1.7.3 as reported. The root cause is described as improper neutralization of input during web page generation, enabling injection of malicious scripts. Several sou...

WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Logan Cote in WordPress Plugin FAQ Builder AYS versions = 1.7.3...

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

WordPress plugin FAQ Builder AYS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin ... A cross-site scripting...

WordPress FAQ Builder AYS plugin <= 1.7.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin FAQ Builder AYS versions = 1.7.1...

WordPress FAQ Builder AYS Plugin <= 1.7.1 is vulnerable to Cross Site Scripting (XSS)

Software FAQ Builder AYS Type Plugin Vulnerable versions = 1.7.1 Fixed in 1.7.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11458 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 4525aff9e72c Credits vgo0 Required...

CVE-2021-24461

The getfaqs function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

CVE-2021-24461

The CVE-2021-24461 entry affects the WordPress plugin FAQ Builder AYS prior to version 1.3.6. The vulnerability stems from the get_faqs() function not whitelisting or validating the orderby parameter before using it in SQL statements passed to get_results(), enabling SQL injection in the admin da...

WordPress SQL注入漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress plugin FAQ Builder AYS prior to version 1.3.6,...