Really Simple Security logo

Log out
Get PRO

Latest

Input validation vulnerability in Accordion 2.2.40

  • Severity: medium-risk
  • Status: Fixed
  • Publication: August 17, 2022

The Accordion plugin for WordPress is vulnerable to a type of attack called Stored Cross-Site Scripting. This attack can be carried out by people with administrative privileges on WordPress installations running versions up to 2.2.40 of the plugin. This type of attack allows malicious code to be injected into web pages. When someone accesses a web page with the malicious code, the code can be executed. This vulnerability only affects WordPress installations running on multiple sites, or sites where certain security features have been disabled.

Detected in:

Accordion fixed vulnerable versions:
Accordion – AI FAQ, Accordion, Tabs, Image Accordion, Product FAQ, FAQ Builder, FAQ Grid fixed vulnerable versions:
Accordions – AI FAQ, Accordion, Tabs, Image Accordion ,Product FAQ, FAQ Builder, fixed vulnerable versions:
Accordions – AI FAQ, Post Accordion, Product FAQ, FAQ Builder fixed vulnerable versions:
Accordions Combo fixed vulnerable versions:

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.