Security reports forfaq-for-woocommerce

Security reports forfaq-for-woocommerce faq-for-woocommerce
CVE/PSC	Application	Date	Affected versions	Description
	Actual on: Jul 01, 2025, 04:07:30
	Entries count: 5
CVE-2024-32110	XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] vulnerable	Jun 07, 2024, 01:06:20	Min - Max 1.5.1	Happy WooCommerce FAQs & AI FAQ Generator [faq-for-woocommerce] < 1.5.1 CVE-2024-32110
f64572abde00d3857cb9fdce12fbcb6cb254eae6	XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] vulnerable	Jun 07, 2024, 01:06:20	Min - Max 1.4.0	Happy WooCommerce FAQs & AI FAQ Generator [faq-for-woocommerce] < 1.4.0 WordPress ï»¿ XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] Plugin <= 1.3.35 is vulnerable to Cross Site Scripting (XSS) Update the WordPress ï»¿ XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress ï»¿ XPlainer - WooCommerce Product FAQ ...
CVE-2024-37515	XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] vulnerable	Jul 09, 2024, 01:07:07	Min - Max 1.6.4	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.
CVE-2024-5669	XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] vulnerable	Jul 10, 2024, 06:07:18	Min - Max 1.7.1	The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.
CVE-2024-5704	XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] vulnerable	Jul 10, 2024, 06:07:18	Min - Max 1.7.1	The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products.

CVE-2024-32110

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

vulnerable

Jun 07, 2024, 01:06:20

Min -

Max 1.5.1

Happy WooCommerce FAQs & AI FAQ Generator [faq-for-woocommerce] < 1.5.1 CVE-2024-32110

f64572abde00d3857cb9fdce12fbcb6cb254eae6

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

vulnerable

Jun 07, 2024, 01:06:20

Min -

Max 1.4.0

Happy WooCommerce FAQs & AI FAQ Generator [faq-for-woocommerce] < 1.4.0 WordPress ï»¿ XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] Plugin <= 1.3.35 is vulnerable to Cross Site Scripting (XSS) Update the WordPress ï»¿ XPlainer - WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin to the latest available version. Rafie Muhammad (Patchstack) discovered and reported this Cross Site Scripting (XSS) vulnerability in WordPress ï»¿ XPlainer - WooCommerce Product FAQ ...

CVE-2024-37515

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

vulnerable

Jul 09, 2024, 01:07:07

Min -

Max 1.6.4

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Optemiz XPlainer - WooCommerce Product FAQ allows Reflected XSS.This issue affects XPlainer - WooCommerce Product FAQ: from n/a through 1.6.3.

CVE-2024-5669

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

vulnerable

Jul 10, 2024, 06:07:18

Min -

Max 1.7.1

The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ffw_activate_template' function in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store cross-site scripting that will trigger when viewing the dashboard templates or accessing FAQs.

CVE-2024-5704

XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin]

vulnerable

Jul 10, 2024, 06:07:18

Min -

Max 1.7.1

The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products.

Security reports forfaq-for-woocommerce faq-for-woocommerce