Etoilewebdesign: Security Vulnerabilities
The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php.
CVSS Score
6.1
EPSS Score
0.052
Published
2020-01-16
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import.
CVSS Score
7.5
EPSS Score
0.007
Published
2019-10-07
Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection.
CVSS Score
6.1
EPSS Score
0.006
Published
2019-10-07
The ultimate-faqs plugin before 1.8.22 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-27
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item.
CVSS Score
9.8
EPSS Score
0.02
Published
2017-08-02
The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component.
CVSS Score
6.1
EPSS Score
0.003
Published
2017-08-02
Page 3