Lucene search
K

56 matches found

VulnCheck KEV
VulnCheck KEV
added 2022/12/30 12:0 a.m.6 views

VulnCheck KEV: CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

7.5CVSS7.3AI score0.03518EPSS
Exploits1References1
VulnCheck KEV
VulnCheck KEV
added 2022/12/30 12:0 a.m.4 views

VulnCheck KEV: CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

6.1CVSS7AI score0.01843EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2022/05/30 9:15 a.m.5 views

CVE-2022-1395

The Easy FAQ with Expanding Text WordPress plugin through 3.2.8.3.1 does not sanitise and escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks when unfilteredhtml is disallowed...

4.8CVSS5.5AI score0.00565EPSS
Exploits2References2
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.10 views

WordPress Joli FAQ SEO – WordPress FAQ plugin <= 1.0.3 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Joli FAQ SEO – WordPress FAQ plugin versions = 1.0.3. Solution Update the WordPress Joli FAQ SEO – WordPress FAQ plugin to the latest available version at least 1.0.4...

3.4AI score
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.9 views

WordPress WordPress FAQ Plugin – WPWorx plugin <= 2.0.0 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress WordPress FAQ Plugin – WPWorx plugin versions = 2.0.0. Solution No patched version available...

4.1AI score
Exploits0References2Affected Software1
CNVD
CNVD
added 2022/01/26 12:0 a.m.18 views

WordPress Ultimate FAQ plugin cross-site request forgery vulnerability

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...

3.5CVSS3.3AI score0.00426EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.6 views

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...

5.7CVSS5.7AI score0.00426EPSS
Exploits2References3
Patchstack
Patchstack
added 2021/12/13 12:0 a.m.18 views

WordPress Best WordPress FAQ plugin <= 1.4.8 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability discovered by p7e4 in WordPress Best WordPress FAQ plugin versions = 1.4.8. Solution Deactivate and delete. This plugin has been closed as of December 3, 2021 and is not available for download. This closure is temporary, pending a full review...

6.1CVSS3.3AI score0.00757EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2021/11/23 12:0 a.m.25 views

WordPress HTML5 Responsive FAQ plugin <= 2.8.5 - Stored Cross-Site Scripting (XSS) vulnerability

Stored Cross-Site Scripting XSS vulnerability discovered by José Aguilera in WordPress HTML5 Responsive FAQ plugin versions = 2.8.5. Solution Deactivate and delete. This plugin has been closed as of November 23, 2021 and is not available for download. Reason: Security Issue...

4.8CVSS2.5AI score0.00588EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2020/01/16 5:15 a.m.31 views

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

6.1CVSS6AI score0.02195EPSS
Exploits1References3
CVE
CVE
added 2020/01/16 4:1 a.m.156 views

CVE-2020-7107

The WordPress plugin Ultimate FAQ (WordPress plugin) prior to version 1.8.30 is vulnerable to Cross-Site Scripting (XSS) via the Display_FAQ parameter routed through Shortcodes/DisplayFAQs.php. The issue stems from insufficient sanitization of the Display_FAQ GET parameter, enabling an attacker t...

6.1CVSS6AI score0.02195EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2020/01/07 12:0 a.m.5 views

WordPress Ultimate FAQ plugin <= 1.8.29 - Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability

Unauthenticated Reflected Cross-Site Scripting XSS vulnerability found in WordPress Ultimate FAQ plugin versions = 1.8.29. Solution Update the WordPress Ultimate FAQ plugin to the latest available version at least 1.8.30...

2.2AI score
Exploits0References1Affected Software1
CNVD
CNVD
added 2019/11/14 12:0 a.m.4 views

WordPress ultimate-faqs plugin input validation error vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An input validation error vulnerability exists in the Functions/EWDUFAQImport.php file in...

7.5CVSS6.8AI score0.03518EPSS
Exploits1References1
Patchstack
Patchstack
added 2019/09/23 12:0 a.m.11 views

WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability

Unauthenticated Options Import/Export vulnerability found by Jerome Bruandet in WordPress Ultimate FAQ plugin versions = 1.8.24. Solution Update the WordPress Ultimate FAQ plugin to the latest available version at least 1.8.25...

3.2AI score
Exploits0Affected Software1
0day.today
0day.today
added 2012/06/26 12:0 a.m.23 views

WordPress Website FAQ Plugin v1.0 SQL Injection

Exploit for php platform in category web applications Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection Date: 6/25/12 Exploit Author: Chris Kellum Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/ Software Link: http://downloads.wordpress.org/plugin/website-faq.zip...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2012/06/26 12:0 a.m.9 views

WordPress Plugin Website FAQ 1.0 - SQL Injection

WordPress Plugin Website FAQ 1.0 - SQL Injection Exploit Title: WordPress Website FAQ Plugin v1.0 SQL Injection Date: 6/25/12 Exploit Author: Chris Kellum Vendor Homepage: http://wordpress.org/extend/plugins/website-faq/ Software Link: http://downloads.wordpress.org/plugin/website-faq.zip Version...

0.2AI score
Exploits0
Rows per page
Query Builder