Recent Vulnerabilities Research Posts Trends Blog About Contact

Published: 24/01/2022 Updated: 25/10/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 5.7 | Impact Score: 3.6 | Exploitability Score: 2.1

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:N/I:P/A:N

The Ultimate FAQ WordPress plugin prior to 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions

Vulnerable Product	Search on Vulmon	Subscribe to Product
etoilewebdesign ultimate faq

CWE-352 https://plugins.trac.wordpress.org/changeset/2648562 https://wpscan.com/vulnerability/f0a9e6cc-46cc-4ac2-927a-c006b8e8aa68 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-24968

Vulnerability Summary

Vulnerability Trend

References

Vulmon Search

About

Products

Connect