Lucene search
+L

4 matches found

NVD
NVD
added 2024/07/09 9:15 a.m.39 views

CVE-2024-5704

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

4.3CVSS0.00399EPSS
Exploits0References7
CVE
CVE
added 2024/07/09 8:33 a.m.44 views

CVE-2024-5669

CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...

6.4CVSS5.8AI score0.00372EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/07/09 8:33 a.m.17 views

CVE-2024-5704 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

4.3CVSS5.9AI score0.00399EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/07/05 1:48 p.m.6 views

WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.6.3...

5.8CVSS6.1AI score0.00248EPSS
Exploits0Affected Software1
Rows per page
Query Builder