Etoilewebdesign: >> Ultimate Faq >> 1.9.2 Security Vulnerabilities
The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions
CVSS Score
5.7
EPSS Score
0.001
Published
2022-01-24