cleantalk
Vulnerabilities and Security Researches

Accordion, CVE-2020-13644

CVE, Research URL

CVE-2020-13644

Home page URL

Security reports for Accordion

Application

Accordion

Published on
May 28, 2020
Research Description
An issue was discovered in the Accordion plugin before 2.2.9 for WordPress. The unprotected AJAX wp_ajax_accordions_ajax_import_json action allowed any authenticated user with Subscriber or higher permissions the ability to import a new accordion and inject malicious JavaScript as part of the accordion.
Affected versions
Min -, max 2.2.43.
Status
vulnerable
Previous vulnerability researches
Accordion – Multiple Accordion or FAQs Builder (CVE-2023-25962) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-33198) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-45082) , Jun 06, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2024-37122) , Jun 24, 2024
Accordion – Multiple Accordion or FAQs Builder (CVE-2022-38104) , Jun 06, 2024
New vulnerability
Flamingo , Apr 16, 2025
Advance WP Query Search Filter (CVE-2025-26743) , Apr 15, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
WP Featured Screenshot (CVE-2025-32557) , Apr 15, 2025
Additional Custom Product Tabs for WooCommerce (CVE-2025-26749) , Apr 15, 2025