Filtered by vendor Etoilewebdesign
Subscribe
Total
26 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-17232 | 1 Etoilewebdesign | 1 Ultimate Faq | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | |||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2020-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | |||||
| CVE-2020-7107 | 1 Etoilewebdesign | 1 Ultimate Faq | 2020-01-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2019-08-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2017-12200 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2017-08-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | |||||
| CVE-2017-12199 | 1 Etoilewebdesign | 1 Ultimate Product Catalog | 2017-08-03 | 7.5 HIGH | 9.8 CRITICAL |
| The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST actions: catalogue_update_order list-item, video_update_order video-item, image_update_order list-item, tag_group_update_order list_item, category_products_update_order category-product-item, custom_fields_update_order field-item, categories_update_order category-item, subcategories_update_order subcategory-item, and tags_update_order tag-list-item. | |||||