cleantalk
Vulnerabilities and Security Researches

FAQ Builder AYS, CVE-2026-25346

CVE, Research URL

CVE-2026-25346

Home page URL

Security reports for FAQ Builder AYS

Application

FAQ Builder AYS

Published on
Mar 25, 2026
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through <= 1.8.2.
Affected versions
max 1.8.2.
Status
vulnerable
Previous vulnerability researches
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-37447) , Jul 02, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-14280) , Jan 27, 2026
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2025-22300) , Jan 09, 2025
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2024-7870) , Sep 05, 2024
PixelYourSite &#8211; Your smart PIXEL (TAG) Manager (CVE-2023-22700) , Jun 07, 2024
New vulnerability
WP Booking Calendar (CVE-2026-32358) , Mar 29, 2026
Subscriptions for WooCommerce &#8211; Subscription Plugin for Collecting Recurring Revenue, Sell Membership Subscription Servic (CVE-2026-24372) , Mar 29, 2026
Meta Box &#8211; WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Admin and Site Enhancements (ASE) (CVE-2026-32423) , Mar 29, 2026
Royal Elementor Addons and Templates (CVE-2026-28135) , Mar 29, 2026