WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

CVE-2025-58024

CVE-2025-58024 affects the WordPress pluginPressapps Accordion FAQ (= 2.2.1) or official patch guidance when available.

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

CVE-2025-14122

The AD Sliding FAQ plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slidingfaq' shortcode in all versions up to, and including, 2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers,...

CVE-2025-67590

WordPress plugin Ultimate FAQ (Rustaurius Ultimate FAQ ultimate-faqs) has a CSRF vulnerability tracked as CVE-2025-67590 affecting versions through 2.4.3. The issue allows attackers to perform actions on behalf of authenticated users without their knowledge. A fix is to update to a later version ...

WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin Ultimate FAQ versions = 2.4.3...

EUVD-2021-11880

Malware in sbrugna...

EUVD-2020-28241

Malware in sbrugna...

EUVD-2023-26807

Malicious code in bioql PyPI...

EUVD-2024-33820

Malicious code in bioql PyPI...

EUVD-2024-46876

Malicious code in bioql PyPI...

WordPress Accordion FAQ Plugin <= 2.2.1 - Local File Inclusion Vulnerability

Local File Inclusion Vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Accordion FAQ versions = 2.2.1...

CVE-2025-58200 WordPress Flexible FAQ Plugin <= 0.2 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery CSRF vulnerability in Bage Flexible FAQ flexible-faq allows Cross Site Request Forgery.This issue affects Flexible FAQ: from n/a through = 0.2...

CVE-2025-58659 WordPress Helpie FAQ plugin <= 1.45 - Sensitive Data Exposure vulnerability

Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data.This issue affects Helpie FAQ: from n/a through = 1.45...

CVE-2025-58659 WordPress Helpie FAQ plugin <= 1.45 - Sensitive Data Exposure vulnerability

Use of Hard-coded Credentials vulnerability in Essekia Helpie FAQ helpie-faq allows Retrieve Embedded Sensitive Data.This issue affects Helpie FAQ: from n/a through = 1.45...

WordPress Accordion FAQ plugin <= 2.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Accordion FAQ versions = 2.2.1...

WordPress Arconix FAQ plugin Improper Access Control Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Arconix FAQ plugin, which stems from a lack of authorization, and no detailed vulnerability details are provided...

WordPress plugin Arconix FAQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An improper access control vulnerability exists in the WordPress Arconix FAQ plugin, which stems from a lack of authorization, and no detailed vulnerability details are provided...

CVE-2023-1891

The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting...

CVE-2022-1395

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...