Vulnerabilities > Etoilewebdesign > Ultimate FAQ > 1.2.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-24 | CVE-2021-24968 | Cross-Site Request Forgery (CSRF) vulnerability in Etoilewebdesign Ultimate FAQ The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. | 5.7 |
| 2020-01-16 | CVE-2020-7107 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | 4.3 |
| 2019-10-07 | CVE-2019-17233 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 4.3 |
| 2019-10-07 | CVE-2019-17232 | Improper Input Validation vulnerability in Etoilewebdesign Ultimate FAQ Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | 5.0 |
| 2019-08-27 | CVE-2019-15643 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | 4.3 |