CVE-2026-8040

CVE-2026-8040 affects the WordPress plugin faq-shortcode (versions

CVE-2026-8040 faq shortocde <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

EUVD-2026-32092

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-8040 faq shortocde <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2026-8040

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress plugin faq shortocde 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

PT-2026-43498

The faq shortocde plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'color' shortcode attribute in the 'faq' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

WordPress faq shortocde plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zakaria in WordPress Plugin faq shortocde versions = 1.0...

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

CVE-2025-14122

CVE-2025-14122 concerns the AD Sliding FAQ plugin for WordPress. The connected Wordfence report confirms a stored XSS vulnerability via the sliding_faq shortcode, affecting all versions up to and including 2.4, caused by insufficient input sanitization and output escaping on user-supplied attribu...

CVE-2025-11502

The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'saswptinymultiplefaq' shortcode in all versions up to, and including, 1.51 due to insufficient input sanitization and output escaping on user supplied attributes. This mak...

CVE-2025-8686

CVE-2025-8686 details from the provided documents: The WordPress plugin WP Easy FAQs (WP Easy FAQs) is vulnerable to Stored Cross-Site Scripting (Stored XSS) via the WP_EASY_FAQ shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. The flaw affects all ...

PT-2024-17319 · WordPress · Faq/Answers – Create Frequently Asked Questions Area

Name of the Vulnerable Software and Affected Versions: FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'faq' shortcode due to insufficie...

Ultimate FAQ < 1.8.30 - Unauthenticated Reflected XSS

The HTML code generated by the FAQ shortcode does not sanitise the DisplayFAQ GET parameter, leading to an unauthenticated reflected Cross-Site Scripting issue on pages where such shortcode is used. PoC Append the following payload on a page where a FAQ is embedded: ?DisplayFAQ=...