4 matches found
CVE-2024-5704
The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...
CVE-2024-5669
CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...
CVE-2024-5704 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update
The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...
WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.6.3...