Advanced FAQ Manager Security & Risk Analysis

wordpress.org/plugins/advanced-faq-manager

The FAQ Manager plugin lets you create & manage FAQs in an accordion style. Use this WordPress FAQ plugin to group and display FAQs with ease.

2K active installs · v1.5.3 · PHP + WP 5.0+ · Updated Nov 26, 2025
Tags: accordion-faq, faq-plugin, faq-widget, wordpress-faq, wordpress-faq-plugin
Score: 98 (A · Safe)
CVEs total: 2
Unpatched: 0
Last CVE: Dec 6, 2025
Safety Verdict

Is Advanced FAQ Manager Safe to Use in 2026?

Generally Safe

Score 98/100

Advanced FAQ Manager has a strong security track record. Known vulnerabilities have been patched promptly.

2 known CVEs · Last CVE: Dec 6, 2025 · Updated 4mo ago
Risk Assessment

The 'advanced-faq-manager' plugin v1.5.3 exhibits a mixed security posture. On the positive side, the plugin demonstrates strong practices regarding SQL queries, utilizing prepared statements exclusively, and has a very high rate of output escaping, minimizing the risk of cross-site scripting vulnerabilities stemming from its output. File operations and external HTTP requests are also absent, reducing potential attack vectors. However, the presence of three AJAX handlers without authentication checks represents a significant concern, as these entry points could be exploited by unauthenticated users. While the taint analysis shows no immediate critical or high severity vulnerabilities, the historical data reveals two medium-severity Cross-Site Scripting (XSS) vulnerabilities. The fact that the last vulnerability was in 2025 and is currently unpatched is a serious indicator of ongoing security maintenance issues. Despite good coding practices in certain areas, the unprotected AJAX endpoints and the history of XSS vulnerabilities, combined with a recent unpatched issue, point to a need for immediate attention to security patching and access control on its AJAX handlers.

Key Concerns

  • 3 AJAX handlers without authentication checks
  • History of 2 medium severity CVEs, last one unpatched

Vulnerabilities: 2

Advanced FAQ Manager Security Vulnerabilities

CVEs by Year

2 CVEs in 2025

Severity Breakdown

  • Medium: 2

2 total CVEs

CVE-2025-67556 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced FAQ Manager <= 1.5.2 - Authenticated (Author+) Stored Cross-Site Scripting

Dec 6, 2025 · Patched in 1.5.3 (5d)

CVE-2025-67553 · medium · 6.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Advanced FAQ Manager <= 1.5.2 - Authenticated (Contributor+) Stored Cross-Site Scripting

Oct 24, 2025 · Patched in 1.5.3 (48d)

Code Analysis
Analyzed Mar 16, 2026

Advanced FAQ Manager Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 0 (0 prepared)
  • Unescaped Output: 7 (231 escaped)
  • Nonce Checks: 5
  • Capability Checks: 3
  • File Operations: 0
  • External Requests: 0
  • Bundled Libraries: 1

Bundled Libraries

Select2

Output Escaping

97% escaped · 238 total outputs

Attack Surface
3 unprotected

Advanced FAQ Manager Attack Surface

Entry Points: 6
Unprotected: 3

AJAX Handlers 3

  • auth · wp_ajax_like_dislike_option · includes\class-thfaqf.php:68
  • auth · wp_ajax_thfaqf_comment · includes\class-thfaqf.php:69
  • nopriv · wp_ajax_thfaqf_comment · includes\class-thfaqf.php:70

Shortcodes 3

[FAQ] includes\public\class-thfaqf-public.php:8
[faq] includes\public\class-thfaqf-public.php:9
[thfaq_group] includes\public\class-thfaqf-public.php:11

WordPress Hooks 12

  • action · init · advanced-faq-manager.php:20
  • action · admin_enqueue_scripts · includes\class-thfaqf.php:45
  • action · admin_menu · includes\class-thfaqf.php:46
  • action · init · includes\class-thfaqf.php:50
  • action · add_meta_boxes · includes\class-thfaqf.php:51
  • action · save_post · includes\class-thfaqf.php:52
  • filter · manage_posts_columns · includes\class-thfaqf.php:53
  • action · manage_posts_custom_column · includes\class-thfaqf.php:54
  • filter · dynamic_sidebar_params · includes\class-thfaqf.php:55
  • action · wp_enqueue_scripts · includes\class-thfaqf.php:67
  • filter · body_class · includes\class-thfaqf.php:71
  • action · wp_head · includes\public\class-thfaqf-public.php:10

Maintenance & Trust

Advanced FAQ Manager Maintenance & Trust

Maintenance Signals

  • WordPress version tested: 6.8.5
  • Last updated: Nov 26, 2025
  • PHP min version
  • Downloads: 17K

Community Trust

  • Rating: 76/100
  • Number of ratings: 4
  • Active installs: 2K

Developer Profile

Advanced FAQ Manager Developer Profile

ThemeHigh

16 plugins · 579K total installs

  • Trust score: 77
  • Avg Security Score: 97/100
  • Avg Patch Time: 245 days
Detection Fingerprints

How We Detect Advanced FAQ Manager

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/advanced-faq-manager/assets/public/css/thfaqf-public.css
  • /wp-content/plugins/advanced-faq-manager/assets/public/js/thfaqf-public.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/css/thfaqf-admin.css
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/thfaqf-admin.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/css/font-awesome.min.css
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/fontawesome.min.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/css/select2.min.css
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/select2.min.js

Script Paths

  • /wp-content/plugins/advanced-faq-manager/assets/public/js/thfaqf-public.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/thfaqf-admin.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/fontawesome.min.js
  • /wp-content/plugins/advanced-faq-manager/assets/admin/js/select2.min.js

Version Parameters

  • advanced-faq-manager/assets/public/css/thfaqf-public.css?ver=
  • advanced-faq-manager/assets/public/js/thfaqf-public.js?ver=
  • advanced-faq-manager/assets/admin/css/thfaqf-admin.css?ver=
  • advanced-faq-manager/assets/admin/js/thfaqf-admin.js?ver=
  • advanced-faq-manager/assets/admin/css/font-awesome.min.css?ver=
  • advanced-faq-manager/assets/admin/js/fontawesome.min.js?ver=
  • advanced-faq-manager/assets/admin/css/select2.min.css?ver=
  • advanced-faq-manager/assets/admin/js/select2.min.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • thfaqf-faq-item
  • thfaqf-faq-title
  • thfaqf-faq-content
  • thfaqf-plus-icon
  • thfaqf-minus-icon
  • thfaqf-faq-wrapper
  • thfaqf-faq-list
  • thfaqf-faq-search-form
  • +4 more

HTML Comments

  • <!-- The main FAQ class -->
  • <!-- FAQ Shortcode -->
  • <!-- The content of the FAQ -->

Data Attributes

  • data-faq-id
  • data-category-id

JS Globals

  • thfaqf_var

Shortcode Output

  • [FAQ]
  • [faq]