thorsten/phpMyFAQ
Packagist
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting thorsten/phpMyFAQ
- CVE-2026-45009 | MEDIUM | CVSS 4.3 | EG 4.3 | ✓ Fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains an insufficient authorization vulnerability in admin-api routes that allows authenticated ordinary users to access administrative endpoints by only checking login status instead of verifying backend privilege…
- CVE-2026-46360 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in SvgSanitizer::decodeAllEntities() that limits recursive entity decoding to 5 iterations, allowing attackers to bypass sanitization. Authenticated users with FAQ_…
- CVE-2026-46363 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains a stored cross-site scripting vulnerability in FAQ creation and update endpoints that bypass sanitization through encode-decode cycles. The vulnerability allows authenticated attackers with FAQ_ADD permission…
- CVE-2026-46365 | MEDIUM | CVSS 5.4 | EG 5.4 | ✓ Fixed in 4.1.2 | 2026-05-15
phpMyFAQ before 4.1.2 contains a missing authorization vulnerability in the DELETE /admin/api/content/tags/{tagId} endpoint that allows any authenticated user to delete tags. Any logged-in user, including regular frontend users, can delete…