Known Vulnerabilities for products from Etoilewebdesign
Listed below are 12 of the newest known vulnerabilities associated with the vendor "Etoilewebdesign".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2025-47580 | Missing Authorization vulnerability in Rustaurius Front End Users front-end-only-users allows Exploiting Incorrectly Configur... | Not Provided | 2025-05-15 | 2026-04-01 |
| CVE-2025-26877 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Front End Us... | Not Provided | 2025-02-25 | 2026-04-01 |
| CVE-2022-23979 | Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in Ultimate Reviews WordPress plugin (versi... | 4.8 - MEDIUM | 2022-01-28 | 2022-02-02 |
| CVE-2021-24993 | The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions,... | 6.5 - MEDIUM | 2022-02-07 | 2022-10-25 |
| CVE-2021-24968 | The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and e... | 5.7 - MEDIUM | 2022-01-24 | 2022-10-25 |
| CVE-2020-24313 | Etoile Web Design Ultimate Appointment Booking & Scheduling WordPress Plugin v1.1.9 and lower does not sanitize the value of ... | 6.1 - MEDIUM | 2020-08-26 | 2020-09-03 |
| CVE-2020-7107 | The Ultimate FAQ plugin before 1.8.30 for WordPress allows XSS via Display_FAQ to Shortcodes/DisplayFAQs.php. | 6.1 - MEDIUM | 2020-01-16 | 2020-01-21 |
| CVE-2019-17233 | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 6.1 - MEDIUM | 2019-10-07 | 2020-08-24 |
| CVE-2019-17232 | Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows unauthenticated options import. | 7.5 - HIGH | 2019-10-07 | 2021-07-21 |
| CVE-2019-15643 | The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | 6.1 - MEDIUM | 2019-08-27 | 2019-08-28 |
| CVE-2017-12200 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has XSS in the Add Product Manually component. | 6.1 - MEDIUM | 2017-08-02 | 2017-08-08 |
| CVE-2017-12199 | The Etoile Ultimate Product Catalog plugin 4.2.11 for WordPress has SQL injection with these wp-admin/admin-ajax.php POST act... | 9.8 - CRITICAL | 2017-08-02 | 2017-08-03 |
Known software with vulnerabilities from Etoilewebdesign
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Etoilewebdesign | Ultimate Appointment Booking Amp Scheduling | 0.1 |
| Application | Etoilewebdesign | Ultimate Faq | 1.0.0 |