Accordion Security Vulnerabilities and Issues — Accordion CVE List

Lucene search

PickpluginsAccordion

5 matches found

CVE•added 2024/04/09 7:15 p.m.•61 views

CVE-2024-1641

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with cont...

5.4CVSS8.9AI score0.00278EPSS

CVE•added 2020/05/28 4:15 a.m.•49 views

CVE-2020-13644

An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accor...

5.4CVSS5.3AI score0.00251EPSS

CVE•added 2024/10/06 11:15 a.m.•41 views

CVE-2024-47342

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PickPlugins Accordion accordions allows Stored XSS.This issue affects Accordion: from n/a through 2.2.99.

6.5CVSS6.7AI score0.00065EPSS

CVE•added 2025/04/11 9:15 a.m.•38 views

CVE-2025-32143

Deserialization of Untrusted Data vulnerability in PickPlugins Accordion allows Object Injection. This issue affects Accordion: from n/a through 2.3.10.

8.8CVSS8.7AI score0.00071EPSS

CVE•added 2021/05/14 12:15 p.m.•28 views

CVE-2021-24283

The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue.

5.4CVSS5.2AI score0.0018EPSS