Vulnerabilities > Etoilewebdesign
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-07 | CVE-2019-17233 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 4.3 |
| 2019-10-07 | CVE-2019-17232 | Improper Input Validation vulnerability in Etoilewebdesign Ultimate FAQ Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | 5.0 |
| 2019-08-27 | CVE-2019-15643 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | 4.3 |
| 2017-08-02 | CVE-2017-12200 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | 4.3 |
| 2017-08-02 | CVE-2017-12199 | SQL Injection vulnerability in Etoilewebdesign Ultimate Product Catalog 4.2.11 The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. | 7.5 |