Xenioushk Bwl Advanced Faq Manager vulnerabilities
2 known vulnerabilities affecting xenioushk/bwl_advanced_faq_manager.
Total CVEs: 2
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2
Vulnerabilities
CVE-2024-32136 | P3 | HIGH | CVSS 7.6 | PoC | ≥ n/a, ≤ 2.0.3 | 2024-04-15
CVE-2024-32136 [HIGH] CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager. This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3.
nvd
CVE-2024-13801 | P3 | HIGH | CVSS 8.1 | ≤ 2.1.4 | 2025-03-26
CVE-2024-13801 [HIGH] CWE-862
The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, t
nvd