Vulnerabilities and security researches forcm-faq cm-faq

Feb 19, 2025

CVE, Research URL: CVE-2025-24758
Home page URL: Security reports for CM WordPress FAQ Plugin – Accordion FAQ Solution
Application: CM WordPress FAQ Plugin – Accordion FAQ Solution
Date: Mar 03, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CreativeMindsSolutions CM Map Locations allows Reflected XSS. This issue affects CM Map Locations: from n/a through 2.0.8.
Affected versions: Min -, max -.
Status: vulnerable

Mar 15, 2025

CVE, Research URL: CVE-2025-2166
Home page URL: Security reports for CM WordPress FAQ Plugin – Accordion FAQ Solution
Application: CM WordPress FAQ Plugin – Accordion FAQ Solution
Date: Mar 14, 2025
Research Description: The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable