VYPR

Advanced FAQ Manager Lite

by WordPress

CVEs (2)

  • CVE-2024-13801HigMar 26, 2025
    risk 0.53cvss 8.1epss 0.00

    The BWL Advanced FAQ Manager plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'baf_set_notice_status' AJAX action in all versions up to, and including, 2.1.4. This makes it…

  • CVE-2026-4075MedMar 26, 2026
    risk 0.42cvss 6.4epss 0.00

    The BWL Advanced FAQ Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'baf_sbox' shortcode in all versions up to and including 1.1.1. This is due to insufficient input sanitization and output escaping on user-supplied shortcode attributes…