WordPress Ultimate FAQ 漏洞列表

共找到 2 个与 WordPress Ultimate FAQ 相关的漏洞

📅 加载漏洞趋势中...

CVE-2020-7107: WordPress Ultimate FAQ <1.8.30 - Cross-Site Scripting POC

日期: 2025-08-01 | 影响软件: WordPress Ultimate FAQ

WordPress Ultimate FAQ plugin before 1.8.30 is susceptible to cross-site scripting via Display_FAQ to Shortcodes/DisplayFAQs.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.
CVE-2019-17233: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection POC

日期: 2025-08-01 | 影响软件: WordPress Ultimate FAQs

Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.