VYPR

Faq Builder Ays

by WordPress

Source repositories

CVEs (3)

  • CVE-2024-11458MedNov 28, 2024
    risk 0.40cvss 6.1epss 0.00

    The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers…

  • CVE-2025-24722MedJan 24, 2025
    risk 0.38cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Stored XSS.This issue affects FAQ Builder AYS: from n/a through <= 1.7.3.

  • CVE-2021-24461Aug 2, 2021
    risk 0.00cvss epss 0.01

    The get_faqs() function in the FAQ Builder AYS WordPress plugin before 1.3.6 did not use whitelist or validate the orderby parameter before using it in SQL statements passed to the get_results() DB calls, leading to SQL injection issues in the admin dashboard