Faq Builder Ays
Monthly
A Cross-Site Scripting (XSS) vulnerability exists in AYS Pro FAQ Builder plugin versions up to and including 1.8.2, allowing attackers to inject malicious scripts through improperly neutralized input during web page generation. The vulnerability stems from incorrectly configured access control security levels, enabling unauthenticated or low-privileged attackers to execute arbitrary JavaScript in the context of affected WordPress sites. While CVSS and EPSS scores are not publicly available, the vulnerability was reported by Patchstack and assigned ENISA EUVD ID EUVD-2026-15661, indicating formal recognition across European vulnerability databases.
A Cross-Site Scripting (XSS) vulnerability exists in AYS Pro FAQ Builder plugin versions up to and including 1.8.2, allowing attackers to inject malicious scripts through improperly neutralized input during web page generation. The vulnerability stems from incorrectly configured access control security levels, enabling unauthenticated or low-privileged attackers to execute arbitrary JavaScript in the context of affected WordPress sites. While CVSS and EPSS scores are not publicly available, the vulnerability was reported by Patchstack and assigned ENISA EUVD ID EUVD-2026-15661, indicating formal recognition across European vulnerability databases.