CVE-2026-25346

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ays Pro FAQ Builder AYS faq-builder-ays allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FAQ Builder AYS: from n/a through <= 1.8.2.

References

• https://patchstack.com/database/Wordpress/Plugin/faq-builder-ays/vulnerability/wordpress-faq-builder-ays-plugin-1-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve