WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via DisplayFAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

CVE-2019-15643

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...

WordPress ultimate-faqs plugin HTML content injection vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. An HTML content injection vulnerability exists in the Functions/EWDUFAQImport.php file in...

CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

Information disclosure

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

CVE-2019-17232

CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...

CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

EUVD-2019-7649

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import...

CVE-2019-17233

The CVE affects WordPress plugin Ultimate FAQ (WordPress) up to version 1.8.24. The vulnerability originates in Functions/EWD_UFAQ_Import.php, allowing unauthenticated HTML content injection during FAQ import, potentially exposing malicious content to site visitors. Exploitation details are not p...

CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection...

CVE-2019-17232

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

CVE-2019-17233

Functions/EWDUFAQImport.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. Recent assessments: Assessed Attacker Value: 0 Assessed Attacker Value: 0Assessed Attacker Value: 0...

WordPress ultimate-faqs plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ultimate-faqs is a FAQ plugin used in it. A cross-site scripting vulnerability exists in the WordPress ultimate-faqs plugin. An attack...

CVE-2019-15643

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...

CVE-2019-15643

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...

Cross site scripting

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS...