3 matches found
CVE-2024-5669
CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...
CVE-2024-5669 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffwactivatetemplate' function in all versions up to, and including, 1.6.4. This makes it possible for...
WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)
Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b5e6735c62a0 Credits...