CVE-2024-5704

Name of the Vulnerable Software and Affected Versions: The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin] versions up to, and including, 1.6.4

Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without proper authorization due to a missing capability check on several functions. This enables them to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products.

Recommendations: For versions up to, and including, 1.6.4, update to a version higher than 1.6.4 to resolve the issue. As a temporary workaround, consider restricting access to the functions that allow modification of FAQs, FAQ lists, and FAQ associations with products to minimize the risk of exploitation.