cleantalk
Vulnerabilities and Security Researches

FAQ Builder AYS, CVE-2024-11458

CVE, Research URL

CVE-2024-11458

Home page URL

Security reports for FAQ Builder AYS

Application

FAQ Builder AYS

Published on
Nov 28, 2024
Research Description
The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.7.2.
Status
vulnerable
Previous vulnerability researches
FAQ Builder AYS (CVE-2026-25346) , Mar 29, 2026
FAQ Builder AYS (CVE-2025-24722) , Jan 25, 2025
FAQ Builder AYS (CVE-2021-24461) , Jun 06, 2024
FAQ Builder AYS (CVE-2024-11458) , Nov 29, 2024
New vulnerability
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026
Breeze – WordPress Cache Plugin (CVE-2025-13864) , Mar 29, 2026
SMTP Mailer (CVE-2026-32538) , Mar 29, 2026
Best WordPress Gallery Plugin – FooGallery (CVE-2026-25362) , Mar 29, 2026