Vulnerabilities for 'Ultimate faq'

2022-01-24
 
CVE-2021-24968

CWE-862
 

 
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, which are available to any authenticated user. As a result, any user with a role as low as Subscriber could create FAQ and FAQ questions.

 
2020-01-16
 
CVE-2020-7107

CWE-79
 

 
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.

 
2019-10-07
 
CVE-2019-17233

CWE-74
 

 
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.

 
 
CVE-2019-17232

CWE-20
 

 
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.

 
2019-08-27
 
CVE-2019-15643

CWE-79
 

 
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.

 

 >>> Vendor: Etoilewebdesign 4 Products
Ultimate product catalog
Ultimate faq
Ultimate appointment booking & scheduling
Ultimate reviews


Copyright 2024, cxsecurity.com

 
