EUVD-2024-46842

Malicious code in bioql PyPI...

EUVD-2024-36724

Malicious code in bioql PyPI...

CVE-2024-37515

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515 WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515 WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3...

CVE-2024-37515

CVE-2024-37515 is a Reflected Cross-Site Scripting (XSS) vulnerability in the WordPress plugin XPlainer – Product FAQs for WooCommerce (XPlainer – WooCommerce Product FAQ). Affected versions are 1.6.3 and earlier. The issue arises from improper neutralization of input during web page generation, ...

PT-2024-27620 · Woocommerce · Xplainer - Woocommerce Product Faq

Name of the Vulnerable Software and Affected Versions: XPlainer - WooCommerce Product FAQ versions 1.6.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS...

CVE-2024-5669

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffwactivatetemplate' function in all versions up to, and including, 1.7.0. This makes it possible for...

CVE-2024-5704

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

CVE-2024-5669

CVE-2024-5669 affects XPlainer – Product FAQs for WooCommerce & AI FAQ Generator (WordPress). Root cause: missing capability check in the ffw_activate_template function across all versions up to 1.6.4, allowing authenticated attackers with Subscriber+ access to store cross-site scripting that tri...

CVE-2024-5704

CVE-2024-5704 affects the XPlainer – Product FAQs for WooCommerce (WordPress); all versions up to 1.6.4 are vulnerable due to missing capability checks on several admin functions. This allows authenticated attackers with Subscriber-level access and above to add, update, and modify FAQs, FAQ lists...

CVE-2024-5704 XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions i.e. ffwinsertnewfaq, ffwhidediscountnotice, ffwdeleteallfaqs, ffwdeletesinglefaq, etc... in all...

WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.7.0...

WordPress XPlainer – WooCommerce Product FAQ plugin <= 1.7.0 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.7.0...

WordPress plugin XPlainer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

PT-2024-37084 · Woocommerce · Xplainer - Woocommerce Product Faq

Name of the Vulnerable Software and Affected Versions: The XPlainer – WooCommerce Product FAQ WooCommerce Accordion FAQ Plugin versions up to, and including, 1.6.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.7.0 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.7.0 Fixed in 1.7.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-5669 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b5e6735c62a0 Credits...

WordPress plugin XPlainer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin <= 1.6.3 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by LVT-tholv2k Patchstack Alliance in WordPress Plugin XPlainer - WooCommerce Product FAQ versions = 1.6.3...

WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.6.3 is vulnerable to Cross Site Scripting (XSS)

Software XPlainer - WooCommerce Product FAQ Type Plugin Vulnerable versions = 1.6.3 Fixed in 1.6.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-37515 Patch priority Medium CVSS severity Medium 5.8 Developer Claim ownership PSID 4539c5a9e2c2 Credits LVT-tholv2k...