CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17233 – Ultimate FAQ <= 1.8.24 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-17233
20 Sep 2019 — Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. El archivo Functions/EWD_UFAQ_Import.php en el plugin ultimate-faqs versiones hasta 1.8.24 para WordPress, permite la inyección de contenido HTML. • https://blog.nintechnet.com/unauthenticated-options-import-vulnerability-in-wordpress-ultimate-faq-plugin • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2019-17232 – Ultimate FAQ <= 1.8.24 - Unauthenticated Options Import/Export
https://notcve.org/view.php?id=CVE-2019-17232
20 Sep 2019 — Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. El archivo Functions/EWD_UFAQ_Import.php en el plugin ultimate-faqs versiones hasta 1.8.24 para WordPress, permite la importación de opciones no autenticadas. • https://blog.nintechnet.com/unauthenticated-options-import-vulnerability-in-wordpress-ultimate-faq-plugin • CWE-306: Missing Authentication for Critical Function CWE-862: Missing Authorization •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2019-15643 – Ultimate Faqs <= 1.8.21 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2019-15643
08 May 2019 — The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. El plugin ultimate-faqs versiones anteriores a 1.8.22 para WordPress, tiene una vulnerabilidad de tipo XSS. • https://wordpress.org/plugins/ultimate-faqs/#developers • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-12199 – Ultimate Product Catalog <= 4.2.22 - SQL Injection
https://notcve.org/view.php?id=CVE-2017-12199
01 Aug 2017 — The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. El plugin Etoile Ultimate Product Cata... • https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2017-12200 – Ultimate Product Catalog <= 4.2.11 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-12200
01 Aug 2017 — The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. El plugin Etoile Ultimate Product Catalog en su versión 4.2.11 para WordPress tiene una vulnerabilidad de tipo Cross-Site Scripting (XSS) en el componente Add Product Manually. • https://github.com/kevins1022/cve/blob/master/wordpress-product-catalog.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •