Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

47 matches found

EUVD
EUVDadded 2026/03/25 6:31 p.m.1 views

EUVD-2026-15661

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

7.1CVSS5.8AI score0.00045EPSS
Exploits0References2
NVD
NVDadded 2026/03/25 5:16 p.m.0 views

CVE-2026-25346

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

7.1CVSS0.00045EPSS
Exploits0References1
Cvelist
Cvelistadded 2026/03/25 4:14 p.m.20 views

CVE-2026-25346 WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through = 1.8.2...

7.1CVSS0.00045EPSS
Exploits0References1
CNNVD
CNNVDadded 2026/03/25 12:0 a.m.2 views

WordPress plugin FAQ Builder AYS 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

7.1CVSS5.8AI score0.00045EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/03/25 12:0 a.m.1 views

PT-2026-27908

Name of the Vulnerable Software and Affected Versions Ays Pro FAQ Builder AYS versions through 1.8.2 Description The software contains a flaw related to improper neutralization of input during web page generation, specifically a Cross-site Scripting issue. This allows exploitation of incorrectly...

7.1CVSS5.9AI score0.00045EPSS
Exploits0References3
Patchstack
Patchstackadded 2026/03/20 8:59 p.m.4 views

WordPress FAQ Builder AYS plugin <= 1.8.2 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by w41bu1 in WordPress Plugin FAQ Builder AYS versions = 1.8.2...

7.1CVSS5.8AI score0.00045EPSS
Exploits0Affected Software1
EUVD
EUVDadded 2025/10/07 12:30 a.m.1 views

EUVD-2007-1612

Malware in sbrugna...

7.5CVSS6.4AI score0.01347EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2024-34024

Malicious code in bioql PyPI...

6.1CVSS8.8AI score0.0092EPSS
Exploits0References4
EUVD
EUVDadded 2025/10/03 8:7 p.m.1 views

EUVD-2025-3914

Malicious code in bioql PyPI...

5.9CVSS8.9AI score0.00089EPSS
Exploits0References1
EUVD
EUVDadded 2025/10/03 8:7 p.m.2 views

EUVD-2023-57899

Malicious code in bioql PyPI...

4.8CVSS6.3AI score0.0011EPSS
Exploits0References2
RedhatCVE
RedhatCVEadded 2025/05/23 11:43 a.m.2 views

CVE-2025-24722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through = 1.7.3...

5.9CVSS7.2AI score0.00089EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 6:45 a.m.2 views

CVE-2024-11458

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.4AI score0.0092EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/05/23 4:32 a.m.4 views

CVE-2023-5606

The ChatBot for WordPress is vulnerable to Stored Cross-Site Scripting via the FAQ Builder in versions 4.8.6 through 4.9.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject...

4.8CVSS5.8AI score0.00122EPSS
Exploits2References1
RedhatCVE
RedhatCVEadded 2025/05/22 7:22 p.m.2 views

CVE-2021-24461

The getfaqs function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the getresults DB calls, leading to SQL injection issues in the admin dashboard...

8.8CVSS7.7AI score0.00532EPSS
Exploits2References1
NVD
NVDadded 2025/01/24 6:15 p.m.12 views

CVE-2025-24722

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through = 1.7.3...

5.9CVSS0.00089EPSS
Exploits0References1
Cvelist
Cvelistadded 2025/01/24 5:25 p.m.17 views

CVE-2025-24722 WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through = 1.7.3...

5.9CVSS0.00089EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2025/01/24 5:25 p.m.8 views

CVE-2025-24722 WordPress FAQ Builder AYS Plugin <= 1.7.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in F.A.Q Builder Team FAQ Builder AYS allows Stored XSS. This issue affects FAQ Builder AYS: from n/a through 1.7.3...

5.9CVSS5.7AI score0.00089EPSS
Exploits0References1
CVE
CVEadded 2025/01/24 5:25 p.m.46 views

CVE-2025-24722

CVE-2025-24722 is a Stored XSS in the WordPress plugin FAQ Builder AYS (WordPress FAQ Builder AYS) affecting versions from 0? through 1.7.3 as reported. The root cause is described as improper neutralization of input during web page generation, enabling injection of malicious scripts. Several sou...

5.9CVSS7.2AI score0.00089EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2024/11/28 8:47 a.m.7 views

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS6.4AI score0.0092EPSS
Exploits0References4
Cvelist
Cvelistadded 2024/11/28 8:47 a.m.12 views

CVE-2024-11458 FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'aysfaqtab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1CVSS0.0092EPSS
Exploits0References4
Rows per page
Query Builder