cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches forultimate-faqs ultimate-faqs

Direction: ascending
Jun 07, 2024

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2021-24968

CVE, Research URL

CVE-2021-24968

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Jan 24, 2022
Research Description
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions
Affected versions
max 2.1.2.
Status
vulnerable

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2020-7107

CVE, Research URL

CVE-2020-7107

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Jan 16, 2020
Research Description
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
Affected versions
max 1.8.30.
Status
vulnerable

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2019-17233

CVE, Research URL

CVE-2019-17233

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Oct 08, 2019
Research Description
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
Affected versions
max 1.8.25.
Status
vulnerable

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2019-17232

CVE, Research URL

CVE-2019-17232

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Oct 08, 2019
Research Description
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
Affected versions
max 1.8.25.
Status
vulnerable

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2019-15643

CVE, Research URL

CVE-2019-15643

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Aug 27, 2019
Research Description
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
Affected versions
max 1.8.30.
Status
vulnerable
Jan 09, 2026

Ultimate FAQ – WordPress FAQ and Accordion Plugin # CVE-2025-67590

CVE, Research URL

CVE-2025-67590

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Date
Dec 09, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
Affected versions
max 2.4.3.
Status
vulnerable