13 matches found
WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. id: CVE-2019-17233 info: name: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection author: daffainfo severity: medium description: | Functions/EWDUFAQImport.ph...
CVE-2020-7107
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...
CVE-2025-67590
WordPress plugin Ultimate FAQ (Rustaurius Ultimate FAQ ultimate-faqs) has a CSRF vulnerability tracked as CVE-2025-67590 affecting versions through 2.4.3. The issue allows attackers to perform actions on behalf of authenticated users without their knowledge. A fix is to update to a later version ...
WordPress Ultimate FAQ plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by daroo in WordPress Plugin Ultimate FAQ versions <= 2.4.3...
EUVD-2021-11880
Malware in sbrugna...
EUVD-2020-28241
Malware in sbrugna...
VulnCheck KEV: CVE-2019-17232
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...
VulnCheck KEV: CVE-2019-17233
Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...
WordPress Ultimate FAQ plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
WordPress cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...
CVE-2020-7107
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via DisplayFAQ to Shortcodes/DisplayFAQs.php...
CVE-2020-7107
The WordPress plugin Ultimate FAQ (WordPress plugin) prior to version 1.8.30 is vulnerable to Cross-Site Scripting (XSS) via the Display_FAQ parameter routed through Shortcodes/DisplayFAQs.php. The issue stems from insufficient sanitization of the Display_FAQ GET parameter, enabling an attacker t...
WordPress ultimate-faqs plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An input validation error vulnerability exists in the Functions/EWDUFAQImport.php file in...