Phpmyfaq

This hub aggregates every CVE we track for Phpmyfaq, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Phpmyfaq.

• CVE-2026-56396phpMyFAQ - Privilege Escalation via Missing Authorization in editUser() and updateUserRights()8.8Jun 21, 2026
• CVE-2026-49205phpMyFAQ: Missing userHasPermission() in 4 API write endpoints (CVE-2026-24421 Incomplete Fix)6.5Jun 18, 2026
• CVE-2026-35676phpMyFAQ - Unauthenticated Password Reset via User Password Update Endpoint8.2May 28, 2026
• CVE-2026-35675phpMyFAQ - Authentication Bypass via Missing Password Reset Token in /api/user/password/update8.2May 28, 2026
• CVE-2026-35672phpMyFAQ - Authentication Bypass via Empty API Token7.5May 28, 2026
• CVE-2026-35671phpMyFAQ - Insecure Direct Object Reference in User Password API8.8May 28, 2026
• CVE-2026-46367phpMyFAQ - Stored XSS via Utils::parseUrl() in Comment Rendering7.6May 15, 2026
• CVE-2026-46366phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass7.5May 15, 2026
• CVE-2026-46365phpMyFAQ - Missing Authorization in Tag Deletion Endpoint5.4May 15, 2026
• CVE-2026-46364phpMyFAQ - SQL Injection via User-Agent Header in BuiltinCaptcha9.8May 15, 2026
• CVE-2026-46363phpMyFAQ - Stored XSS in FAQ Question/Answer via Encode-Decode Bypass5.4May 15, 2026
• CVE-2026-46362phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check6.5May 15, 2026
• CVE-2026-46361phpMyFAQ - Stored Cross-Site Scripting via raw Filter in search.twig6.9May 15, 2026
• CVE-2026-46360phpMyFAQ - Stored XSS via Entity Decoding Depth Limit Bypass in SVG Sanitizer5.4May 15, 2026
• CVE-2026-46359phpMyFAQ - SQL Injection in CurrentUser::setTokenData via Unescaped OAuth Token Fields7.5May 15, 2026