6 matches found

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-46876

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.5 | EPSS 0.00343
Exploits 0 | References 6

NVD
added 2024/07/09 9:15 a.m. | 17 views

CVE-2024-5704

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

CVSS 4.3 | EPSS 0.00343
Exploits 0 | References 7

CVE
added 2024/07/09 8:33 a.m. | 37 views

CVE-2024-5669

CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...

CVSS 6.4 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 3

Vulnrichment
added 2024/07/09 8:33 a.m. | 12 views

CVE-2024-5704 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

CVSS 4.3 | AI score 5.9 | EPSS 0.00343
Exploits 0 | References 2

Patchstack
added 2024/07/09 7:42 a.m. | 2 views

WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin XPlainer - WooCommerce Product FAQ versions <= 1.7.0...

CVSS 6.4 | AI score 5.8 | EPSS 0.00166
Exploits 0 | References 1 | Affected Software 1

Patchstack
added 2024/07/09 12:0 a.m. | 10 views

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.7.0 is vulnerable to Broken Access Control

Software: XPlainer - WooCommerce Product FAQ; Type: Plugin; Vulnerable versions: <= 1.7.0; Fixed in: 1.7.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-5704; Patch priority: Low; CVSS severity: Low 4.3; PSID: 2fd8e7762c97; Credits: Lucio Sá...

CVSS 4.3 | AI score 6.6 | EPSS 0.00343
Exploits 0 | References 3 | Affected Software 1