WP-Safety

Arconix FAQ Security & Risk Analysis

wordpress.org/plugins/arconix-faq

Arconix FAQ provides an easy way to add FAQ items to your website.

7K active installs v1.9.7 PHP + WP 3.8+ Updated Jun 10, 2025
accordionarconixfaqfaq-plugintoggle
97
A · Safe
CVEs total3
Unpatched0
Last CVEJun 12, 2025
Plugin page Download
Safety Verdict

Is Arconix FAQ Safe to Use in 2026?

Generally Safe

Score 97/100

Arconix FAQ has a strong security track record. Known vulnerabilities have been patched promptly.

3 known CVEsLast CVE: Jun 12, 2025Updated 9mo ago
Risk Assessment

The "arconix-faq" v1.9.7 plugin exhibits a mixed security posture. On the positive side, static analysis indicates good practices in several areas, including 100% of SQL queries using prepared statements, robust nonce and capability checks for its identified entry points, and no discovered unsanitized taint flows or critical/high severity vulnerabilities in the code analysis. The absence of file operations and the limited number of external HTTP requests also contribute to a reduced attack surface in those domains.

However, a notable concern is the presence of a `unserialize` function. While not explicitly flagged with a taint flow, deserialization vulnerabilities are inherently risky as they can lead to code execution if not handled with extreme care and if untrusted data is being unserialized. Additionally, the plugin has a history of three medium severity vulnerabilities, primarily related to Cross-Site Scripting and Missing Authorization. Although none are currently unpatched, this pattern suggests past weaknesses that could potentially re-emerge if not addressed diligently in future development.

In conclusion, the plugin demonstrates strengths in its use of prepared statements and access control checks. The primary areas for improvement are the secure handling of the `unserialize` function to mitigate potential deserialization risks and continued vigilance regarding common vulnerability types like XSS and authorization, drawing from its past CVE history. The lack of unpatched vulnerabilities is a positive indicator, but the past record and the presence of a dangerous function warrant careful consideration.

Key Concerns

  • Dangerous function: unserialize detected
  • Past medium severity vulnerabilities (3 total)
  • Output escaping only 59% properly escaped
Vulnerabilities
3

Arconix FAQ Security Vulnerabilities

CVEs by Year

1 CVE in 2024
2024
2 CVEs in 2025
2025
Patched Has unpatched

Severity Breakdown

Medium
3

3 total CVEs

CVE-2025-49874medium · 4.3Missing Authorization

Arconix FAQ <= 1.9.6 - Missing Authorization

Jun 12, 2025 Patched in 1.9.7 (6d)
CVE-2025-32531medium · 6.1Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Arconix FAQ <= 1.9.5 - Reflected Cross-Site Scripting

Apr 10, 2025 Patched in 1.9.6 (42d)
CVE-2024-38783medium · 5.3Missing Authorization

Arconix FAQ <= 1.9.4 - Missing Authorization

Jul 19, 2024 Patched in 1.9.5 (7d)
Code Analysis
Analyzed Mar 16, 2026

Arconix FAQ Code Analysis

Dangerous Functions
1
Raw SQL Queries
0
4 prepared
Unescaped Output
117
170 escaped
Nonce Checks
10
Capability Checks
10
File Operations
0
External Requests
2
Bundled Libraries
0

Dangerous Functions Found

unserialize$datetime = unserialize( $meta_value );includes\metabox\helpers\cmb_Meta_Box_types.php:486

SQL Query Safety

100% prepared4 total queries

Output Escaping

59% escaped287 total outputs
Data Flows
All sanitized

Data Flow Analysis

2 flows
ts_tracking_actions (includes\component\tracking-data\ts-tracking.php:318)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Arconix FAQ Attack Surface

Entry Points4
Unprotected0

AJAX Handlers 3

authwp_ajax_ts_submit_uninstall_reasonincludes\component\deactivate-survey-popup\class-ts-deactivation.php:50
authwp_ajax_cmb2_oembed_handlerincludes\metabox\includes\CMB2_Ajax.php:51
noprivwp_ajax_cmb2_oembed_handlerincludes\metabox\includes\CMB2_Ajax.php:52

Shortcodes 1

[faq] includes\class-arconix-faq-admin.php:77
WordPress Hooks 77
actioninitincludes\arconix-faq-all-component.php:32
actioninitincludes\class-arconix-faq-admin.php:62
actionwp_enqueue_scriptsincludes\class-arconix-faq-admin.php:63
actionadmin_enqueue_scriptsincludes\class-arconix-faq-admin.php:64
actionmanage_posts_custom_columnincludes\class-arconix-faq-admin.php:65
filtermanage_faq_posts_columnsincludes\class-arconix-faq-admin.php:72
filterpost_updated_messagesincludes\class-arconix-faq-admin.php:73
filtercmb2_admin_initincludes\class-arconix-faq-admin.php:74
actionadd_meta_boxes_faqincludes\class-arconix-faq-admin.php:75
actionadmin_initincludes\class-arconix-faq-admin.php:81
filterts_deativate_plugin_questionsincludes\class-arconix-faq-admin.php:82
filterts_tracker_dataincludes\class-arconix-faq-admin.php:84
filterts_tracker_opt_out_dataincludes\class-arconix-faq-admin.php:85
actionadmin_menuincludes\class-arconix-faq-admin.php:86
actiondashboard_glance_itemsincludes\class-gamajo-dashboard-glancer.php:39
actionadmin_footerincludes\component\deactivate-survey-popup\class-ts-deactivation.php:49
actionadmin_menuincludes\component\faq-support\ts-faq-support.php:93
actionadmin_headincludes\component\faq-support\ts-faq-support.php:94
actionadmin_noticesincludes\component\tracking-data\ts-tracking.php:107
actionadmin_footerincludes\component\tracking-data\ts-tracking.php:108
filtercron_schedulesincludes\component\tracking-data\ts-tracking.php:111
actionadmin_initincludes\component\tracking-data\ts-tracking.php:115
actionadmin_initincludes\component\welcome-page\ts-welcome.php:95
actionadmin_initincludes\component\welcome-page\ts-welcome.php:100
actionadmin_menuincludes\component\welcome-page\ts-welcome.php:102
actionadmin_headincludes\component\welcome-page\ts-welcome.php:103
actionadmin_initincludes\component\welcome-page\ts-welcome.php:107
actioncmb2_admin_initincludes\metabox\example-functions.php:105
actioncmb2_admin_initincludes\metabox\example-functions.php:470
actioncmb2_admin_initincludes\metabox\example-functions.php:500
actioncmb2_admin_initincludes\metabox\example-functions.php:564
actioncmb2_admin_initincludes\metabox\example-functions.php:633
actioncmb2_admin_initincludes\metabox\example-functions.php:674
actioncmb2_initincludes\metabox\example-functions.php:776
filterget_post_metadataincludes\metabox\helpers\cmb_Meta_Box_ajax.php:112
filterupdate_post_metadataincludes\metabox\helpers\cmb_Meta_Box_ajax.php:114
filterwp_prepare_attachment_for_jsincludes\metabox\includes\CMB2.php:1525
actionadmin_enqueue_scriptsincludes\metabox\includes\CMB2.php:1543
actioncmb2_save_options-page_fieldsincludes\metabox\includes\CMB2_Ajax.php:54
filterget_post_metadataincludes\metabox\includes\CMB2_Ajax.php:147
filterupdate_post_metadataincludes\metabox\includes\CMB2_Ajax.php:150
filtercmb2_show_onincludes\metabox\includes\CMB2_hookup.php:79
actionedit_form_topincludes\metabox\includes\CMB2_hookup.php:115
actionedit_form_before_permalinkincludes\metabox\includes\CMB2_hookup.php:119
actionedit_form_after_titleincludes\metabox\includes\CMB2_hookup.php:123
actionedit_form_after_editorincludes\metabox\includes\CMB2_hookup.php:127
actionadd_meta_boxesincludes\metabox\includes\CMB2_hookup.php:131
actionadd_meta_boxesincludes\metabox\includes\CMB2_hookup.php:134
actionadd_attachmentincludes\metabox\includes\CMB2_hookup.php:135
actionedit_attachmentincludes\metabox\includes\CMB2_hookup.php:136
actionsave_postincludes\metabox\includes\CMB2_hookup.php:137
actionpre_get_postsincludes\metabox\includes\CMB2_hookup.php:144
actionadd_meta_boxes_commentincludes\metabox\includes\CMB2_hookup.php:152
actionedit_commentincludes\metabox\includes\CMB2_hookup.php:153
filtermanage_edit-comments_columnsincludes\metabox\includes\CMB2_hookup.php:156
actionmanage_comments_custom_columnincludes\metabox\includes\CMB2_hookup.php:157
filtermanage_edit-comments_sortable_columnsincludes\metabox\includes\CMB2_hookup.php:158
actionpre_get_postsincludes\metabox\includes\CMB2_hookup.php:159
actionshow_user_profileincludes\metabox\includes\CMB2_hookup.php:168
actionedit_user_profileincludes\metabox\includes\CMB2_hookup.php:169
actionuser_new_formincludes\metabox\includes\CMB2_hookup.php:170
actionpersonal_options_updateincludes\metabox\includes\CMB2_hookup.php:172
actionedit_user_profile_updateincludes\metabox\includes\CMB2_hookup.php:173
actionuser_registerincludes\metabox\includes\CMB2_hookup.php:174
filtermanage_users_columnsincludes\metabox\includes\CMB2_hookup.php:177
filtermanage_users_custom_columnincludes\metabox\includes\CMB2_hookup.php:178
filtermanage_users_sortable_columnsincludes\metabox\includes\CMB2_hookup.php:179
actionpre_get_postsincludes\metabox\includes\CMB2_hookup.php:180
actionpre_get_postsincludes\metabox\includes\CMB2_hookup.php:226
actioncreated_termincludes\metabox\includes\CMB2_hookup.php:230
actionedited_termsincludes\metabox\includes\CMB2_hookup.php:231
actiondelete_termincludes\metabox\includes\CMB2_hookup.php:232
actioncmb2_do_oembedincludes\metabox\includes\helper-functions.php:131
filteris_protected_metaincludes\metabox\includes\rest-api\CMB2_REST.php:144
actioninitincludes\metabox\init.php:131
actioninitplugin.php:52
actionplugins_loadedplugin.php:115
Maintenance & Trust

Arconix FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedJun 10, 2025
PHP min version
Downloads219K

Community Trust

Rating94/100
Number of ratings79
Active installs7K
Alternatives

Arconix FAQ Alternatives

Accordion FAQ with Category

Accordion FAQ with Category

accordion-faq-for-elementor

A
100

Responsive FAQ plugin with Accordion and Category for Elementor and page builders. Add FAQ with collapse and toggle activator easily.

200 No CVEs
Gutena Accordion – Beautiful FAQ Accordion Block

Gutena Accordion – Beautiful FAQ Accordion Block

gutena-accordion

A
100

Gutena Accordion is a WordPress Plugin which makes accordion dropdown creation really easy inside the block editor. Furthermore, it is very light weig &hellip;

5K No CVEs
Advanced FAQ Manager

Advanced FAQ Manager

advanced-faq-manager

A
98

The FAQ Manager plugin lets you create & manage FAQs in an accordion style. Use this WordPress FAQ plugin to group and display FAQs with ease.

2K 2 CVEs
Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.

Awesome FAQ – Modern Accordion, Tabs,Responsive & Super Fast FAQ Builder.

faq-and-answers

A
99

Create responsive FAQ sections, toggle content, and multiple accordion-style question groups effortlessly on your WordPress site.

400 1 CVE
FAQ Builder AYS

FAQ Builder AYS

faq-builder-ays

A
97

Create FAQs and accordions for your WP website without effort with FAQ Builder. Has Gutenberg Block, responsive design, 20+ style options, etc.

100 3 CVEs
Developer Profile

Arconix FAQ Developer Profile

tychesoftwares

20 plugins · 160K total installs

73
trust score
Avg Security Score
91/100
Avg Patch Time
232 days
View full developer profile
Detection Fingerprints

How We Detect Arconix FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/arconix-faq/css/arconix-faq.css/wp-content/plugins/arconix-faq/css/arconix-faq-public.css/wp-content/plugins/arconix-faq/js/arconix-faq-public.js/wp-content/plugins/arconix-faq/js/arconix-faq.js
Script Paths
/wp-content/plugins/arconix-faq/js/arconix-faq-public.js/wp-content/plugins/arconix-faq/js/arconix-faq.js
Version Parameters
arconix-faq/css/arconix-faq.css?ver=arconix-faq/css/arconix-faq-public.css?ver=arconix-faq/js/arconix-faq-public.js?ver=arconix-faq/js/arconix-faq.js?ver=

HTML / DOM Fingerprints

CSS Classes
arconix-faq-wrapperarconix-faq-titlearconix-faq-itemarconix-faq-questionarconix-faq-answer
Data Attributes
data-arconix-faq-id
JS Globals
arconix_faq_js_params
Shortcode Output
[arconix-faq[arconix_faq
FAQ

Frequently Asked Questions about Arconix FAQ