Threat Entry Updated 2025-01-25

CVE-2024-13721 - Accordions Plugin

The Plethora Plugins Tabs + Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the anchor parameter in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

PLUGIN Accordions

CVE-2024-13721

MEDIUM CVSS 6.4 2025-01-25

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2024-1641 - Accordions Plugin

The Accordion plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'accordions_duplicate_post_as_draft' function in all versions up to, and including, 2.2.96. This makes it possible for authenticated attackers, with contributor access and above, to duplicate arbitrary posts, allowing access to the contents of password-protected posts.

PLUGIN Accordions

CVE-2024-1641

MEDIUM CVSS 5.4 2024-04-09

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-38104 - Accordions Plugin

Auth. WordPress Options Change (siteurl, users_can_register, default_role, admin_email and new_admin_email) vulnerability in Biplob Adhikari's Accordions – Multiple Accordions or FAQs Builder plugin (versions

PLUGIN Accordions

CVE-2022-38104

HIGH CVSS 7.2 2022-10-21

Risk Score

Open Full Technical Breakdown

Threat Entry Updated 2024-11-21

CVE-2022-33198 - Accordions Plugin

Unauthenticated WordPress Options Change vulnerability in Biplob Adhikari's Accordions plugin

PLUGIN Accordions

CVE-2022-33198

CRITICAL CVSS 9.8 2022-07-21

Risk Score

Open Full Technical Breakdown