ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Ultimate FAQ plugin <= 1.8.24 - Unauthenticated Options Import/Export vulnerability

Product
Ultimate FAQ
Description
Unauthenticated Options Import/Export vulnerability found by Jerome Bruandet in WordPress Ultimate FAQ plugin (versions <= 1.8.24).
Solution
Update the WordPress Ultimate FAQ plugin to the latest available version (at least 1.8.25).
Classification
Type Multi
OWASP Top 10 A7: Missing Function Level Access Control
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 1.8.24
Fixed In 1.8.25
Disclosure date
2019-09-23
Credits
Jerome Bruandet
Submitter
ThreatPress