cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forfaq-for-woocommerce faq-for-woocommerce

Direction: descending
Jul 10, 2024

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] # CVE-2024-5669

CVE, Research URL

CVE-2024-5669

Home page URL

Security reports for XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Application

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Date
Jul 09, 2024
Research Description
The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.
Affected versions
Min -, max -.
Status
vulnerable

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] # CVE-2024-5704

CVE, Research URL

CVE-2024-5704

Home page URL

Security reports for XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Application

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Date
Jul 09, 2024
Research Description
The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products.
Affected versions
Min -, max -.
Status
vulnerable
Jul 09, 2024

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] # CVE-2024-37515

CVE, Research URL

CVE-2024-37515

Home page URL

Security reports for XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Application

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Date
Jul 21, 2024
Research Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.
Affected versions
Min -, max -.
Status
vulnerable
Jun 07, 2024

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] # CVE-2024-32110

CVE, Research URL

CVE-2024-32110

Home page URL

Security reports for XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Application

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Date
-
Research Description
Happy WooCommerce FAQs &amp; AI FAQ Generator [faq-for-woocommerce] < 1.5.1 CVE-2024-32110
Affected versions
Min -, max -.
Status
vulnerable

XPlainer &#8211; WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] # f64572abde00d3857cb9fdce12fbcb6cb254eae6

CVE, Research URL

f64572abde00d3857cb9fdce12fbcb6cb254eae6

Home page URL

Security reports for XPlainer &#8211; WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Application

XPlainer &#8211; WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

Date
Jul 19, 2023
Research Description
XPlainer &#8211; WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] [faq-for-woocommerce] < 1.4.0 (closed) WordPress  XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] Plugin <= 1.3.35 is vulnerable to Cross Site Scripting (XSS) Update the WordPress  XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress  XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] Plugin. This could allow a malicious actor to inject malicious scripts, such as redirects, advertisements, and other HTML payloads into your website which will be executed when guests visit your site. This vulnerability has been fixed in version 1.4.0.
Affected versions
Min -, max -.
Status
vulnerable