Accordion Faq

CVEs (3)

CVE	Vendor / Product	Sev	Risk	CVSS	EPSS	Published	Description
CVE-2025-58024	WordPress Accordion Faq	Hig	0.49	7.5	—	Jun 2, 2026	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2025-52759	UnboundStudio Accordion FAQ	Hig	0.46	7.1	—	Jun 2, 2026	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2023-1891	WordPress Accordion Faq		0.00	—	0.00	Jun 27, 2023	The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting

CVE-2025-58024HigJun 2, 2026
WordPress
Accordion Faq
risk 0.49cvss 7.5epss —
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio Accordion FAQ allows PHP Local File Inclusion. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2025-52759HigJun 2, 2026
UnboundStudio
Accordion FAQ
risk 0.46cvss 7.1epss —
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ allows Reflected XSS. This issue affects Accordion FAQ: from n/a through 2.2.1.
CVE-2023-1891Jun 27, 2023
WordPress
Accordion Faq
risk 0.00cvss —epss 0.00
The Accordion & FAQ WordPress plugin before 1.9.9 does not escape various generated URLs, before outputting them in attributes when some notices are displayed, leading to Reflected Cross-Site Scripting