FAQ Builder AYS Security & Risk Analysis

wordpress.org/plugins/faq-builder-ays

Create FAQs and accordions for your WP website without effort with FAQ Builder. Has Gutenberg Block, responsive design, 20+ style options, etc.

100 active installs · v1.8.4 · PHP + WP 4.0+ · Updated Apr 14, 2026
Tags: accordion-faqs, faq, faqs, frequently-asked-questions, toggle-faqs
Score: 92 (A · Safe)
CVEs total: 4
Unpatched: 0
Last CVE: Mar 20, 2026
Safety Verdict

Is FAQ Builder AYS Safe to Use in 2026?

Generally Safe

Score 92/100

FAQ Builder AYS has a strong security track record. Known vulnerabilities have been patched promptly. It's a solid choice for most WordPress installations.

4 known CVEs · Last CVE: Mar 20, 2026 · Updated 1mo ago
Risk Assessment

The faq-builder-ays plugin exhibits a mixed security posture. While it demonstrates good practices in SQL query preparation and includes a reasonable number of nonce and capability checks, significant concerns arise from its attack surface and output sanitization.

The plugin exposes a large attack surface with 12 entry points, a concerning 10 of which lack authentication checks. This is further exacerbated by taint analysis revealing flows with unsanitized paths, including one of high severity. Furthermore, the code analysis indicates that only 47% of output is properly escaped, suggesting a susceptibility to Cross-Site Scripting vulnerabilities.

The plugin's vulnerability history, with 3 known CVEs including one high-severity issue, reinforces these concerns. The common vulnerability types (XSS and SQL Injection) align with the findings from the static analysis, particularly the unsanitized paths and insufficient output escaping. While there are currently no unpatched CVEs, the historical pattern of vulnerabilities and the identified weaknesses in the current version warrant careful consideration.

Key Concerns

  • Large attack surface without authentication
  • High severity taint flow found
  • Low percentage of properly escaped output
  • One high severity historical CVE
  • Two medium severity historical CVEs
Vulnerabilities
4 published

FAQ Builder AYS Security Vulnerabilities

CVEs by Year

  • 2021: 1 CVE
  • 2024: 1 CVE
  • 2025: 1 CVE
  • 2026: 1 CVE

Severity Breakdown

  • High: 2
  • Medium: 2

4 total CVEs

CVE-2026-25346 · high · 7.2 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FAQ Builder AYS <= 1.8.2 - Unauthenticated Stored Cross-Site Scripting

Mar 20, 2026 · Patched in 1.8.3 (7d)

CVE-2025-24722 · medium · 4.4 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FAQ Builder AYS <= 1.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Jan 24, 2025 · Patched in 1.7.4 (5d)

CVE-2024-11458 · medium · 6.1 · Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FAQ Builder AYS <= 1.7.1 - Reflected Cross-Site Scripting

Nov 27, 2024 · Patched in 1.7.2 (1d)

CVE-2021-24461 · high · 8.8 · Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FAQ Builder AYS <= 1.3.5 - Blind SQL Injection

Jun 29, 2021 · Patched in 1.3.6 (938d)
Code Analysis
Analyzed Mar 16, 2026

FAQ Builder AYS Code Analysis

  • Dangerous Functions: 0
  • Raw SQL Queries: 3 (16 prepared)
  • Unescaped Output: 323 (287 escaped)
  • Nonce Checks: 6
  • Capability Checks: 10
  • File Operations: 2
  • External Requests: 0
  • Bundled Libraries: 0

SQL Query Safety

84% prepared · 19 total queries

Output Escaping

47% escaped · 610 total outputs
Data Flows · Security
2 unsanitized

Data Flow Analysis

5 flows · 2 with unsanitized paths
deactivate_plugin_option (admin\class-faq-builder-ays-admin.php:450)
Attack Surface
10 unprotected

FAQ Builder AYS Attack Surface

Entry Points: 12
Unprotected: 10

AJAX Handlers: 11

  • auth · wp_ajax_ays_create_faq_preview · admin\class-faq-builder-ays-admin.php:60
  • auth · wp_ajax_deactivate_plugin_option · includes\class-faq-builder-ays.php:175
  • nopriv · wp_ajax_deactivate_plugin_option · includes\class-faq-builder-ays.php:176
  • auth · wp_ajax_ays_faq_install_plugin · includes\class-faq-builder-ays.php:193
  • nopriv · wp_ajax_ays_faq_install_plugin · includes\class-faq-builder-ays.php:194
  • auth · wp_ajax_ays_faq_activate_plugin · includes\class-faq-builder-ays.php:196
  • nopriv · wp_ajax_ays_faq_activate_plugin · includes\class-faq-builder-ays.php:197
  • auth · wp_ajax_FAQ_live_preivew_content · includes\class-faq-builder-ays.php:209
  • nopriv · wp_ajax_FAQ_live_preivew_content · includes\class-faq-builder-ays.php:210
  • auth · wp_ajax_ays_get_user_information · includes\class-faq-builder-ays.php:230
  • nopriv · wp_ajax_ays_get_user_information · includes\class-faq-builder-ays.php:231

Shortcodes: 1

  • [ays_faq] · public\class-faq-builder-ays-public.php:54

WordPress Hooks: 23

  • filter · set-screen-option · admin\class-faq-builder-ays-admin.php:57
  • action · init · admin\class-faq-builder-ays-admin.php:58
  • filter · post_row_actions · admin\class-faq-builder-ays-admin.php:59
  • action · enqueue_block_editor_assets · faq\faq-builder-block.php:81
  • action · init · faq\faq-builder-block.php:82
  • action · plugins_loaded · faq-builder-ays.php:87
  • action · admin_notices · faq-builder-ays.php:106
  • action · plugins_loaded · includes\class-faq-builder-ays.php:154
  • action · admin_head · includes\class-faq-builder-ays.php:169
  • action · admin_enqueue_scripts · includes\class-faq-builder-ays.php:170
  • action · admin_enqueue_scripts · includes\class-faq-builder-ays.php:171
  • action · admin_enqueue_scripts · includes\class-faq-builder-ays.php:172
  • action · admin_menu · includes\class-faq-builder-ays.php:179
  • action · admin_menu · includes\class-faq-builder-ays.php:182
  • action · admin_menu · includes\class-faq-builder-ays.php:185
  • action · admin_menu · includes\class-faq-builder-ays.php:188
  • action · admin_menu · includes\class-faq-builder-ays.php:191
  • action · admin_enqueue_scripts · includes\class-faq-builder-ays.php:204
  • action · in_admin_footer · includes\class-faq-builder-ays.php:206
  • action · admin_notices · includes\class-faq-builder-ays.php:213
  • action · admin_menu · includes\class-faq-builder-ays.php:216
  • action · wp_enqueue_scripts · includes\class-faq-builder-ays.php:236
  • action · admin_notices · includes\lists\faq-builder-ays-faq-list.php:16
Maintenance & Trust

FAQ Builder AYS Maintenance & Trust

Maintenance Signals

WordPress version tested: 7.0
Last updated: Apr 14, 2026
PHP min version
Downloads: 9K

Community Trust

Rating: 100/100
Number of ratings: 2
Active installs: 100
Developer Profile

FAQ Builder AYS Developer Profile

Ays Pro

18 plugins · 111K total installs

Trust score: 73
Avg Security Score: 92/100
Avg Patch Time: 203 days
Detection Fingerprints

How We Detect FAQ Builder AYS

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/faq-builder-ays/admin/css/common.css
  • /wp-content/plugins/faq-builder-ays/admin/css/faq-builder-admin.css
  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-admin.js
  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-admin-settings.js
  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-block-editor.js
  • /wp-content/plugins/faq-builder-ays/public/css/frontend.css
  • /wp-content/plugins/faq-builder-ays/public/js/frontend.js

Script Paths

  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-admin.js
  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-admin-settings.js
  • /wp-content/plugins/faq-builder-ays/admin/js/faq-builder-block-editor.js
  • /wp-content/plugins/faq-builder-ays/public/js/frontend.js

Version Parameters

  • faq-builder-ays/admin/css/common.css?ver=
  • faq-builder-ays/admin/css/faq-builder-admin.css?ver=
  • faq-builder-ays/admin/js/faq-builder-admin.js?ver=
  • faq-builder-ays/admin/js/faq-builder-admin-settings.js?ver=
  • faq-builder-ays/admin/js/faq-builder-block-editor.js?ver=
  • faq-builder-ays/public/css/frontend.css?ver=
  • faq-builder-ays/public/js/frontend.js?ver=

HTML / DOM Fingerprints

CSS Classes

  • ays-notice-banner
  • navigation-bar
  • navigation-container
  • logo-container
  • faq-logo
  • faq-upgrade-to-pro
  • faq-upgrade-green-icon
  • faq-upgrade-white-icon
  • +12 more

HTML Comments

  • <!-- START FAQ BUILDER BLOCK -->
  • <!-- END FAQ BUILDER BLOCK -->
  • <!-- START FAQ BUILDER SHORTCODE -->
  • <!-- END FAQ BUILDER SHORTCODE -->

Data Attributes

  • data-plugin-name="faq-builder-ays"
  • data-plugin-version="1.8.3"
  • data-expanded="false"

JS Globals

  • window.ays_faq_builder_admin_params
  • window.ays_faq_builder_frontend_params
  • window.ays_faq_builder_block_editor_params

Shortcode Output

  • [faq-builder]
FAQ

Frequently Asked Questions about FAQ Builder AYS