Etoilewebdesign Ultimate Faq vulnerabilities
5 known vulnerabilities affecting etoilewebdesign/ultimate_faq.
Total CVEs: 5
CISA KEV: 0
Public exploits: 3
Exploited in wild: 2
Severity breakdown: HIGH 1, MEDIUM 4
Vulnerabilities
CVE-2019-17233 | P2 | MEDIUM | CVSS 6.1 | CWE-79 | Exploited | PoC | ≤ 1.8.24 | 2019-10-07
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
nvd
CVE-2019-17232 | P2 | HIGH | CVSS 7.5 | CWE-306 | Exploited | PoC | ≤ 1.8.24 | 2019-10-07
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
nvd
CVE-2020-7107 | P3 | MEDIUM | CVSS 6.1 | CWE-79 | PoC | fixed in 1.8.30 | 2020-01-16
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
nvd
CVE-2021-24968 | P4 | MEDIUM | CVSS 5.7 | CWE-862 | fixed in 2.1.2 | 2022-01-24
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions
nvd
CVE-2019-15643 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | fixed in 1.8.22 | 2019-08-27
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
nvd