WP-Safety

FAQly – Ultimate FAQ Security & Risk Analysis

wordpress.org/plugins/faqly-ultimate-faq

FAQly – Ultimate FAQ Plugin: A plugin to manage FAQs and display them as an accordion using a shortcode.

1K active installs v1.1.8 PHP 7.4+ WP 5.2+ Updated Apr 4, 2026
accordionfaqfaq-blockfaq-shortcodefaqs
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is FAQly – Ultimate FAQ Safe to Use in 2026?

Generally Safe

Score 100/100

FAQly – Ultimate FAQ has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The 'faqly-ultimate-faq' plugin v1.1.7 exhibits a generally good security posture with strong adherence to many best practices. The plugin demonstrates a high percentage of properly escaped outputs and exclusively uses prepared statements for its SQL queries, mitigating common risks like SQL injection. Furthermore, the absence of any recorded vulnerabilities (CVEs) in its history suggests a mature and well-maintained codebase. However, a significant concern arises from the presence of one unprotected AJAX handler. This creates a direct entry point into the plugin's functionality that is not protected by any authentication or authorization checks, potentially allowing unauthenticated users to trigger sensitive actions.

Key Concerns

  • Unprotected AJAX handler found
Vulnerabilities
None known

FAQly – Ultimate FAQ Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

FAQly – Ultimate FAQ Release Timeline

v1.1.8Current
v1.1.7
v1.1.6
v1.1.5
v1.1.4
v1.1.3
v1.1.2
v1.1.1
v1.1.0
v1.0.9
v1.0.8
v1.0.7
v1.0.6
v1.0.5
v1.0.4
v1.0.3
v1.0.2
v1.0.1
Code Analysis
Analyzed Mar 16, 2026

FAQly – Ultimate FAQ Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
0 prepared
Unescaped Output
11
516 escaped
Nonce Checks
8
Capability Checks
4
File Operations
1
External Requests
2
Bundled Libraries
0

Output Escaping

98% escaped527 total outputs
Attack Surface
1 unprotected

FAQly – Ultimate FAQ Attack Surface

Entry Points9
Unprotected1

AJAX Handlers 8

authwp_ajax_faqly_get_templatesajax\ajax.php:66
noprivwp_ajax_faqly_get_templatesajax\ajax.php:67
authwp_ajax_faqly_load_faq_contentajax\ajax.php:109
noprivwp_ajax_faqly_load_faq_contentajax\ajax.php:110
authwp_ajax_faqly_export_dataajax\ajax.php:212
authwp_ajax_faqly_get_productsajax\ajax.php:248
authwp_ajax_faqly_import_dataajax\ajax.php:348
authwp_ajax_faqly_get_notice_dismissincludes\class-faq-metabox.php:15

Shortcodes 1

[faqly_accordion] includes\class-faq-shortcode.php:14
WordPress Hooks 33
actionplugins_loadedfaqly-ultimate-faq.php:77
actionwp_loginfaqly-ultimate-faq.php:97
actionwp_logoutfaqly-ultimate-faq.php:103
actionadmin_footerfaqly-ultimate-faq.php:108
actionadmin_enqueue_scriptsfaqly-ultimate-faq.php:139
actionwp_enqueue_scriptsfaqly-ultimate-faq.php:172
actionwp_enqueue_scriptsfaqly-ultimate-faq.php:178
actionwpfaqly-ultimate-faq.php:182
actionadmin_print_scriptsfaqly-ultimate-faq.php:283
actionadmin_enqueue_scriptsfaqly-ultimate-faq.php:286
actionenqueue_block_editor_assetsfaqly-ultimate-faq.php:312
filterpost_updated_messagesfaqly-ultimate-faq.php:323
actionadmin_noticesfaqly-ultimate-faq.php:341
filterwoocommerce_product_tabsfaqly-ultimate-faq.php:372
actionadmin_menuincludes\class-faq-admin.php:17
actionadmin_enqueue_scriptsincludes\class-faq-admin.php:18
actionadd_meta_boxesincludes\class-faq-metabox.php:11
actionadd_meta_boxesincludes\class-faq-metabox.php:12
actionadd_meta_boxesincludes\class-faq-metabox.php:13
actionadd_meta_boxesincludes\class-faq-metabox.php:14
actionadd_meta_boxesincludes\class-faq-metabox.php:16
actionsave_postincludes\class-faq-metabox.php:19
actionsave_postincludes\class-faq-metabox.php:20
actionsave_postincludes\class-faq-metabox.php:22
actionsave_postincludes\class-faq-metabox.php:23
filterpostbox_classes_group_faq_accordion_faq_group_settingsincludes\class-faq-metabox.php:26
actioninitincludes\class-faq-post-type.php:11
actioninitincludes\class-faq-post-type.php:12
filtermanage_edit-faqly_faq_columnsincludes\class-faq-post-type.php:14
actionmanage_faqly_faq_posts_custom_columnincludes\class-faq-post-type.php:25
actionadmin_enqueue_scriptsincludes\class-faq-post-type.php:31
filterwp_insert_post_dataincludes\class-faq-post-type.php:77
filterwp_insert_post_dataincludes\class-faq-post-type.php:118
Maintenance & Trust

FAQly – Ultimate FAQ Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedApr 4, 2026
PHP min version7.4
Downloads19K

Community Trust

Rating76/100
Number of ratings5
Active installs1K
Alternatives

FAQly – Ultimate FAQ Alternatives

Ultimate FAQ Accordion Plugin

Ultimate FAQ Accordion Plugin

ultimate-faqs

A
89

Full-featured FAQ and accordion plugin with advanced search, simple UI and easy-to-use FAQ blocks and shortcodes.

30K 7 CVEs
Easy Accordion Block

Easy Accordion Block

easy-accordion-block

A
99

Easy Accordion Block allows you to create an accordion or a FAQs section in Gutenberg editor easily.

7K 1 CVE
WPFAQBlock– FAQ & Accordion Plugin For Gutenberg

WPFAQBlock– FAQ & Accordion Plugin For Gutenberg

wpfaqblock

B
78

WPFAQBlock and accordion plugin with easy to use Gutenberg blocks and shortcodes with FAQ search.

10 1 unpatched
Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs

Advanced Accordion Gutenberg Block – Create Beautiful FAQs, Content Accordions & Interactive Tabs

advanced-accordion-block

A
99

Create stunning FAQ & accordion blocks. SEO-optimized, fully accessible, zero performance impact. No coding needed.

10K 1 CVE
Iks Menu – WordPress Category Accordion Menu & FAQs

Iks Menu – WordPress Category Accordion Menu & FAQs

iks-menu

A
100

Super customizable WordPress plugin for displaying custom menus, taxonomy/category terms and FAQs as accordion menu (with images support).

10K No CVEs
Developer Profile

FAQly – Ultimate FAQ Developer Profile

drakearthur

60 plugins · 5K total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect FAQly – Ultimate FAQ

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/faqly-ultimate-faq/assets/faq-accordion-front.css/wp-content/plugins/faqly-ultimate-faq/assets/faqly-themes.css/wp-content/plugins/faqly-ultimate-faq/assets/lib/bootstrap.min.css/wp-content/plugins/faqly-ultimate-faq/assets/lib/bootstrap.bundle.min.js/wp-content/plugins/faqly-ultimate-faq/assets/faq-accordion-front.js/wp-content/plugins/faqly-ultimate-faq/assets/lib/all.min.css/wp-content/plugins/faqly-ultimate-faq/assets/admin/css/faq-templates-accordion.css
Script Paths
/wp-content/plugins/faqly-ultimate-faq/assets/faq-accordion-front.js/wp-content/plugins/faqly-ultimate-faq/assets/lib/bootstrap.bundle.min.js/wp-content/plugins/faqly-ultimate-faq/assets/faq-accordion-front.js
Version Parameters
faqly-ultimate-faq/style.css?ver=faqly-ultimate-faq/assets/faq-accordion-front.css?ver=faqly-ultimate-faq/assets/faqly-themes.css?ver=faqly-ultimate-faq/assets/lib/bootstrap.min.css?ver=faqly-ultimate-faq/assets/lib/bootstrap.bundle.min.js?ver=faqly-ultimate-faq/assets/faq-accordion-front.js?ver=faqly-ultimate-faq/assets/lib/all.min.css?ver=faqly-ultimate-faq/assets/admin/css/faq-templates-accordion.css?ver=

HTML / DOM Fingerprints

CSS Classes
faqly-popup-dismissfaqly-popup-wrapfaqly-popup-template-btnfaqly-popup-bundle-btnfaqly-premium-floating-btn
Data Attributes
data-bs-toggledata-bs-target
JS Globals
faqly_ajax_object
Shortcode Output
[faqly_accordion]
FAQ

Frequently Asked Questions about FAQly – Ultimate FAQ