WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...

WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated Options Import and Export

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. id: CVE-2019-17232 info: name: WordPress Ultimate FAQs = 1.8.24 – Unauthenticated Options Import and Export author: daffainfo severity: high description: |...

WordPress Ultimate FAQ Accordion Plugin plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content vulnerability

Authenticated Author+ Stored Cross-Site Scripting via FAQ Content vulnerability discovered by WordFence in WordPress Plugin Ultimate FAQ versions = 2.4.7...

EUVD-2026-20845

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

CVE-2026-4336

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

CVE-2026-4336 Ultimate FAQ Accordion Plugin <= 2.4.7 - Authenticated (Author+) Stored Cross-Site Scripting via FAQ Content

The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling htmlentitydecode on postcontent during rendering in the setdisplayvariables function View.FAQ.class.php, line...

WordPress plugin Ultimate FAQ Accordion 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVE-2020-7107

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...

CVE-2025-67590

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

EUVD-2025-202063

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67590

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67590 WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through = 2.4.3...

CVE-2025-67590

WordPress plugin Ultimate FAQ (Rustaurius Ultimate FAQ ultimate-faqs) has a CSRF vulnerability tracked as CVE-2025-67590 affecting versions through 2.4.3. The issue allows attackers to perform actions on behalf of authenticated users without their knowledge. A fix is to update to a later version ...

WordPress plugin Ultimate FAQ 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

PT-2025-49964

Name of the Vulnerable Software and Affected Versions Rustaurius Ultimate FAQ versions through 2.4.3 Description A Cross-Site Request Forgery CSRF issue exists in Rustaurius Ultimate FAQ. This allows attackers to perform actions on behalf of authenticated users without their knowledge...

WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by daroo in WordPress Plugin Ultimate FAQ versions = 2.4.3...

EUVD-2021-11880

Malware in sbrugna...

EUVD-2020-28241

Malware in sbrugna...

VulnCheck KEV: CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...