VYPR
Unrated severityNVD Advisory· Published Jan 24, 2022· Updated Aug 3, 2024

Ultimate FAQ < 2.1.2 - Subscriber+ Arbitrary FAQ Creation

CVE-2021-24968

Description

The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.