cleantalk
Vulnerabilities and Security Researches

Ultimate FAQ – WordPress FAQ and Accordion Plugin, CVE-2025-67590

CVE, Research URL

CVE-2025-67590

Home page URL

Security reports for Ultimate FAQ – WordPress FAQ and Accordion Plugin

Application

Ultimate FAQ – WordPress FAQ and Accordion Plugin

Published on
Dec 09, 2025
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Rustaurius Ultimate FAQ ultimate-faqs allows Cross Site Request Forgery.This issue affects Ultimate FAQ: from n/a through <= 2.4.3.
Affected versions
max 2.4.3.
Status
vulnerable
Previous vulnerability researches
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
SKT Skill Bar (CVE-2024-38698) , Jul 15, 2024
SKT Skill Bar (CVE-2025-47482) , May 09, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
New vulnerability
Review Disclaimer (CVE-2025-67628) , Jan 10, 2026
MAS Videos (CVE-2025-62753) , Jan 10, 2026
Postem Ipsum (CVE-2025-14397) , Jan 10, 2026
WH Tweaks (CVE-2025-67630) , Jan 10, 2026
Advanced FAQ Manager (CVE-2025-67556) , Jan 10, 2026