Lucene search
+L

6 matches found

redhatcve
redhatcve
added 2026/06/05 7:28 p.m.10 views

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS5.7AI score0.00227EPSS
Exploits0References1
euvd
euvd
added 2026/04/09 6:30 a.m.6 views

EUVD-2026-20845

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS6.1AI score0.00227EPSS
Exploits0References9
nvd
nvd
added 2026/04/09 5:16 a.m.5 views

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS0.00227EPSS
Exploits0References8
cvelist
cvelist
added 2026/04/09 3:25 a.m.32 views

CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

6.4CVSS0.00227EPSS
Exploits0References8
cnnvd
cnnvd
added 2026/04/09 12:0 a.m.13 views

WordPress plugin Ultimate FAQ Accordion 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

6.4CVSS5.6AI score0.00227EPSS
Exploits0References8
patchstack
patchstack
added 2023/07/18 12:0 a.m.8 views

WordPress WordPress FAQ Accordion Plugin - Display FAQ Plugin < 1.4.3 is vulnerable to Cross Site Scripting (XSS)

Software WordPress FAQ Accordion Plugin - Display FAQ Type Plugin Vulnerable versions 1.4.3 Fixed in 1.4.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 153e3f2c0d28 Credits Rafie...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder