CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

CVE-2026-10862

CVE-2026-10862 affects the WordPress plugin Accordions (versions up to and including 2.3.23). The root cause is insufficient input sanitization and output escaping in the Accordion body field, enabling authenticated attackers with Custom-level access or higher to perform Stored Cross-Site Scripti...

CVE-2026-10862

The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and...

WordPress Accordions plugin <= 2.3.23 - Authenticated (Custom+) Stored Cross-Site Scripting vulnerability

Authenticated Custom+ Stored Cross-Site Scripting vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin Accordion versions = 2.3.23...

CVE-2025-52759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-58024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

CVE-2026-7467

The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This is due to the 'RadMoreAjax::importData' function not restricting which database tables can be written to during import and not properly validating the imported...

CVE-2025-58024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-58024 WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

EUVD-2025-210037

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-58024

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-58024 WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-58024

CVE-2025-58024 affects the WordPress pluginPressapps Accordion FAQ (= 2.2.1) or official patch guidance when available.

CVE-2025-52759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-52759 WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

EUVD-2025-210033

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-52759

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...

CVE-2025-52759

CVE-2025-52759 describes a Reflected XSS in the WordPress Accordion FAQ plugin (UnboundStudio) for versions &lt;= 2.2.1, caused by improper neutralization of input during web page generation. According to the connected records, the affected component is the plugin’s input handling (Accordion FAQ)...

CVE-2025-52759 WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1...