"product_name":"Ultimate FAQ – WordPress FAQ and Accordion Plugin",
"version":{
"version_data":[
{
"version_affected":"<",
"version_name":"2.1.2",
"version_value":"2.1.2"
}
]
}
}
]
}
}
]
}
},
"description":{
"description_data":[
{
"lang":"eng",
"value":"The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated users. As a result, any users, with a role as low as Subscriber could create FAQ and FAQ questions"
