Vulnerabilities > Etoilewebdesign
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-24 | CVE-2021-24968 | Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Ultimate FAQ: The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. | 5.7 |
2020-08-26 | CVE-2020-24313 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Appointment Booking & Scheduling: Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of the "Appointment_ID" GET parameter before echoing it back out inside an input tag. | 6.1 |
2020-01-16 | CVE-2020-7107 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ: The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | 6.1 |
2019-10-07 | CVE-2019-17233 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ: Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 6.1 |
2019-10-07 | CVE-2019-17232 | Missing Authentication for Critical Function vulnerability in Etoilewebdesign Ultimate FAQ: Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | 7.5 |
2019-08-27 | CVE-2019-15643 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ: The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | 6.1 |
2017-08-02 | CVE-2017-12200 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11: The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | 6.1 |
2017-08-02 | CVE-2017-12199 | SQL Injection vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11: The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. | 9.8 |