3 matches found
EUVD-2026-16083
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bafsbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sboxid',...
CVE-2026-4075 BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bafsbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sboxid',...
CVE-2026-4075 BWL Advanced FAQ Manager Lite <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'sbox_id' Shortcode Attribute
The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'bafsbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes such as 'sboxid',...