WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

EUVD-2025-210355

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

CVE-2025-64637

Unauthenticated Content Injection in Auros Core = 5.3.1 versions...

CVE-2021-4369

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

CVE-2021-4369 Frontend File Manager <= 18.2 - Unauthenticated Content Injection

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Content Injection in versions up to, and including, 18.2. This is due to lacking authorization protections, checks against users editing other's posts, and lacking a security nonce, all on the wpfmeditfiletitledesc AJ...

CVE-2021-4369

The CVE-2021-4369 entry concerns the WordPress Frontend File Manager plugin. Concrete details in connected sources show that versions up to and including 18.2 are affected by Unauthenticated Content Injection due to missing authorization protections, missing checks for editing others’ posts, and ...

WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Content Injection and Stored XSS vulnerabilities

Unauthenticated Content Injection and Stored XSS vulnerabilities discovered by Jerome Bruandet NinTechNet in WordPress Frontend File Manager plugin versions = 18.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 18.3...