CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-13801 – BWL Advanced FAQ Manager <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Limited Arbitrary Options Update
https://notcve.org/view.php?id=CVE-2024-13801
25 Mar 2025 — The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to '1' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legit... • https://codecanyon.net/item/bwl-advanced-faq-manager/5007135 • CWE-862: Missing Authorization •
CVSS: 9.1EPSS: 31%CPEs: 1EXPL: 2CVE-2024-32136 – WordPress BWL Advanced FAQ Manager plugin <= 2.0.3 - Auth. SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-32136
12 Apr 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Xenioushk BWL Advanced FAQ Manager.This issue affects BWL Advanced FAQ Manager: from n/a through 2.0.3. Neutralización inadecuada de elementos especiales utilizados en una vulnerabilidad de comando SQL ('inyección SQL') en Xenioushk BWL Advanced FAQ Manager. Este problema afecta a BWL Advanced FAQ Manager: desde n/a hasta 2.0.3. The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to SQL Injectio... • https://packetstorm.news/files/id/178874 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •