FAQ plugin Security & Risk Analysis

wordpress.org/plugins/adonide-faq-plugin

FAQ plugin is a quick, easy way to add an FAQs page.

10 active installs · v2.2.2 · PHP + WP 3.6.0+ · Updated Mar 31, 2016
Tags: faq-page, faq-plugin, tabs-content, tabs-htmlthtml-faq-content
Security score: 85
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is FAQ plugin Safe to Use in 2026?

Generally Safe

Score 85/100

FAQ plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10 years ago
Risk Assessment

The adonide-faq-plugin v2.2.2 demonstrates a mixed security posture. On the positive side, the plugin has no known historical vulnerabilities and the static analysis shows no critical or high severity taint flows, no dangerous functions, and all SQL queries are prepared. It also has a very small attack surface with only one entry point (a shortcode) and no known cron events, external HTTP requests, or file operations, which generally reduces the potential for exploitation.

However, there are significant concerns. The most critical finding is that none of the plugin's output is properly escaped. This presents a high risk of Cross-Site Scripting (XSS): any content that reaches the plugin's output unescaped can be rendered as script in the WordPress dashboard or on the frontend wherever that output is displayed. Additionally, the plugin has zero nonce checks and only two capability checks, which is insufficient for protecting its functionality, especially if the shortcode or any other interaction were exposed to unauthenticated users or less privileged roles. The absence of any reported vulnerabilities in its history is positive, but it may simply reflect a lack of past auditing; the unescaped-output flaw described above is present in the code regardless of whether it has been reported or exploited.

In conclusion, while the plugin has a small attack surface and uses prepared statements for its SQL, the complete lack of output escaping is a severe security flaw that exposes users to XSS attacks. The limited checks for authorization and nonces further exacerbate this risk. The absence of historical vulnerabilities should not be relied upon as a guarantee of current security, especially given the identified code quality issues.

Key Concerns

  • 100% of output not properly escaped
  • 0 nonce checks
  • Limited capability checks (2 checks for 1 entry point)
Vulnerabilities
None known

FAQ plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

FAQ plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (1 prepared)
Unescaped Output: 10 (0 escaped)
Nonce Checks: 0
Capability Checks: 2
File Operations: 0
External Requests: 1
Bundled Libraries: 0

SQL Query Safety

100% prepared (1 query total)

Output Escaping

0% escaped (10 outputs total)
Attack Surface

FAQ plugin Attack Surface

Entry Points: 1
Unprotected: 0

Shortcodes: 1

[faq] at core\html-faq-page-postType.php:27

WordPress Hooks: 13

action init at core\html-faq-page-postType.php:20
action init at core\html-faq-page-postType.php:21
action init at core\html-faq-page-postType.php:22
action wp_enqueue_scripts at core\html-faq-page-postType.php:23
action wp_enqueue_scripts at core\html-faq-page-postType.php:24
action admin_enqueue_scripts at core\html-faq-page-postType.php:25
action init at core\html-faq-page-postType.php:26
filter mce_external_plugins at core\html-faq-page-postType.php:40
filter mce_buttons at core\html-faq-page-postType.php:41
filter tiny_mce_version at core\html-faq-page-postType.php:56
action admin_menu at core\html-faq-page-postType.php:191
action admin_init at core\html-faq-page.php:17
action plugins_loaded at index.php:27
Maintenance & Trust

FAQ plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Mar 31, 2016
PHP min version:
Downloads: 7K

Community Trust

Rating: 100/100
Number of ratings: 1
Active installs: 10
Developer Profile

FAQ plugin Developer Profile

Bassem Rabia

5 plugins · 130 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect FAQ plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/adonide-faq-plugin/js/faqPage.js
/wp-content/plugins/adonide-faq-plugin/css/faqPage_front.css
/wp-content/plugins/adonide-faq-plugin/js/jquery.js
/wp-content/plugins/adonide-faq-plugin/js/faqPage_front.js
/wp-content/plugins/adonide-faq-plugin/js/faqPage_front_admin.js
Script Paths
/wp-content/plugins/adonide-faq-plugin/js/faqPage.js
Version Parameters
/wp-content/plugins/adonide-faq-plugin/css/faqPage_front.css?ver=
/wp-content/plugins/adonide-faq-plugin/js/jquery.js?ver=
/wp-content/plugins/adonide-faq-plugin/js/faqPage_front.js?ver=
/wp-content/plugins/adonide-faq-plugin/js/faqPage_front_admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
faq_page, faqPage_content
HTML Comments
<!-- @ ------------------------------------------------------ @ HTML FAQ PAGE 2.0 @ Author: Bassem Rabia 2013 @ ------------------------------------------------------ -->
Data Attributes
id="html_faq_page"
id="html_faq_page_"
class="faq_page open"
class="faqPage_content"
JS Globals
window.faqPage_button
window.add_faqPage_tinymce_plugin
window.register_faqPage_button
window.faqPage_refresh_mce
Shortcode Output
<div id="html_faq_page">
<li> <a class="faq_page open" href="javascript:void(0)">
<div class="faqPage_content" id="html_faq_page_"
<div class="answer">
FAQ

Frequently Asked Questions about FAQ plugin