China National Vulnerability Database: CNVD-2022-19839
History: Jan 26, 2022 - 12:00 a.m.

WordPress Ultimate FAQ plugin cross-site request forgery vulnerability

www.cnvd.org.cn

EPSS: 0.001 (percentile: 21.4%)

WordPress is a blogging platform from the WordPress Foundation, developed in PHP. It supports setting up personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability exists in versions of the Ultimate FAQ plugin for WordPress prior to 2.1.2. It stems from the fact that there is no functionality or CSRF checking in the AJAX operations of the ewd_ufaq_welcome_add_FAQ and ewd_ufaq_welcome_add_FAQ_ pages. An attacker could use this vulnerability to delete arbitrary posts.
