56 matches found
VulnCheck KEV: CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
VulnCheck KEV: CVE-2019-17233
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
CVE-2022-1395
The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...
WordPress Joli FAQ SEO – WordPress FAQ plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Joli FAQ SEO – WordPress FAQ plugin versions = 1.0.3. Solution Update the WordPress Joli FAQ SEO – WordPress FAQ plugin to the latest available version at least 1.0.4...
WordPress WordPress FAQ Plugin – WPWorx plugin <= 2.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress FAQ Plugin – WPWorx plugin versions = 2.0.0. Solution No patched version available...
WordPress Ultimate FAQ plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
WordPress 跨站请求伪造漏洞
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
WordPress Best WordPress FAQ plugin <= 1.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability
Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Best WordPress FAQ plugin versions = 1.4.8. Solution Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...
WordPress HTML5 Responsive FAQ plugin <= 2.8.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered by José Aguilera in WordPress HTML5 Responsive FAQ plugin versions = 2.8.5. Solution Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...
CVE-2020-7107
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...
CVE-2020-7107
The WordPress plugin Ultimate FAQ (WordPress plugin) prior to version 1.8.30 is vulnerable to Cross-Site Scripting (XSS) via the Display_FAQ parameter routed through Shortcodes/DisplayFAQs.php. The issue stems from insufficient sanitization of the Display_FAQ GET parameter, enabling an attacker t...
WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability
Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress Ultimate FAQ plugin versions = 1.8.29. Solution Update the WordPress Ultimate FAQ plugin to the latest available version at least 1.8.30...
WordPress ultimate-faqs plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An input validation error vulnerability exists in the Functions/EWDUFAQImport.php file in...
WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability
Unauthenticated Options Import/Export vulnerability found by Jerome Bruandet in WordPress Ultimate FAQ plugin versions = 1.8.24. Solution Update the WordPress Ultimate FAQ plugin to the latest available version at least 1.8.25...
WordPress Website FAQ Plugin v1.0 SQL Injection
Exploit for php platform in category web applications Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection Date: 6/25/12 Exploit Author: Chris Kellum Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/ Software Link: http://downloads.wordpress.org/plugin/website-faq.zip...
WordPress Plugin Website FAQ 1.0 - SQL Injection
WordPress Plugin Website FAQ 1.0 - SQL Injection Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection Date: 6/25/12 Exploit Author: Chris Kellum Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/ Software Link: http://downloads.wordpress.org/plugin/website-faq.zip Version...