Lucene search
+L
EtoilewebdesignUltimate Faq

5 matches found

CVE
CVE
added 2019/10/07 10:11 p.m.227 views

CVE-2019-17233

The CVE affects WordPress plugin Ultimate FAQ (WordPress) up to version 1.8.24. The vulnerability originates in Functions/EWD_UFAQ_Import.php, allowing unauthenticated HTML content injection during FAQ import, potentially exposing malicious content to site visitors. Exploitation details are not p...

6.1CVSS7.1AI score0.01843EPSS
In wild
CVE
CVE
added 2019/10/07 10:11 p.m.224 views

CVE-2019-17232

CVE-2019-17232 affects the WordPress plugin Ultimate FAQs up to version 1.8.24. The vulnerability occurs in Functions/EWD_UFAQ_Import.php, allowing unauthenticated users to import options (and, per related sources, potentially export/import configurations) without authentication. This can enable ...

7.5CVSS8.1AI score0.03518EPSS
In wild
CVE
CVE
added 2020/01/16 4:1 a.m.157 views

CVE-2020-7107

The WordPress plugin Ultimate FAQ (WordPress plugin) prior to version 1.8.30 is vulnerable to Cross-Site Scripting (XSS) via the Display_FAQ parameter routed through Shortcodes/DisplayFAQs.php. The issue stems from insufficient sanitization of the Display_FAQ GET parameter, enabling an attacker t...

6.1CVSS6AI score0.02195EPSS
Web
CVE
CVE
added 2022/01/24 8:0 a.m.60 views

CVE-2021-24968

The CVE-2021-24968 affects the WordPress Ultimate FAQ plugin (versions prior to 2.1.2). The issue is a lack of capability and CSRF checks in the AJAX actions ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page, making them accessible to any authenticated user (down to Subscriber). This can...

5.7CVSS5.3AI score0.00426EPSS
Web
CVE
CVE
added 2019/08/27 11:19 a.m.55 views

CVE-2019-15643

CVE-2019-15643 affects the WordPress Ultimate FAQ plugin, specifically versions before 1.8.22, with a cross-site scripting (XSS) vulnerability. The root cause and exact exploitation details are not provided in the connected documents, but multiple sources corroborate the XSS risk in this plugin. ...

6.1CVSS6.3AI score0.00932EPSS