Skip to main content

Ultimate Faq

4 CVEs product

Monthly

CVE-2020-7107 MEDIUM POC PATCH This Month

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP Ultimate Faq
NVD
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-17233 MEDIUM POC This Month

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP Ultimate Faq
NVD
CVSS 3.1
6.1
EPSS
1.8%
CVE-2019-17232 HIGH POC This Week

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP Ultimate Faq
NVD
CVSS 3.1
7.5
EPSS
3.5%
CVE-2019-15643 MEDIUM This Month

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Faq
NVD
CVSS 3.0
6.1
EPSS
0.9%
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS WordPress PHP +1
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS WordPress PHP +1
NVD
EPSS 4% CVSS 7.5
HIGH POC This Week

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress PHP +1
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS WordPress Ultimate Faq
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy