Joli FAQ SEO – WordPress FAQ Plugin Security & Risk Analysis

wordpress.org/plugins/joli-faq-seo

The best WordPress FAQ plugin: easy & fast single page drag n drop editor, lightweight, no jQuery, block-enabled, schema.org, optimized for SEO.

700 active installs · v1.3.9 · PHP 5.6+ · WP 4.0.0+ · Updated Aug 11, 2025
Tags: accordion, docs, faq, faqs-list, woocommerce-faq
Score: 99 (A · Safe)
CVEs total: 1
Unpatched: 0
Last CVE: May 7, 2024
Safety Verdict

Is Joli FAQ SEO – WordPress FAQ Plugin Safe to Use in 2026?

Generally Safe

Score 99/100

Joli FAQ SEO – WordPress FAQ Plugin has a strong security track record. Known vulnerabilities have been patched promptly.

1 known CVE · Last CVE: May 7, 2024 · Updated 7mo ago
Risk Assessment

The "joli-faq-seo" v1.3.9 plugin presents a mixed security posture. While the absence of critical and high severity vulnerabilities in its history, along with a complete lack of unpatched CVEs, is a positive sign, the static analysis reveals significant concerns. A large attack surface is exposed through AJAX handlers, with a notable 14 out of 15 handlers lacking authentication checks. This is a primary area of risk, as it could allow unauthenticated users to trigger potentially sensitive actions. Furthermore, only 46% of output escaping is properly handled, indicating a risk of Cross-Site Scripting (XSS) vulnerabilities. The presence of one unsanitized path in the taint analysis, though not classified as critical or high, warrants attention.

The plugin's vulnerability history, showing a single medium-severity CSRF vulnerability last year, suggests a generally good track record but doesn't negate the current static analysis findings. The fact that there are no unpatched CVEs is commendable. However, the combination of a large, unprotected attack surface and insufficient output escaping creates a tangible risk profile that requires immediate attention. The plugin demonstrates some good practices with its use of nonces and capability checks, but these are overshadowed by the critical security gaps identified in its entry points and output handling.

Key Concerns

  • 14 unprotected AJAX handlers
  • 46% of output escaping properly handled
  • 1 flow with unsanitized paths
  • Bundled Freemius v1.0
Vulnerabilities
1

Joli FAQ SEO – WordPress FAQ Plugin Security Vulnerabilities

CVEs by Year

1 CVE in 2024

Severity Breakdown

Medium: 1

1 total CVE

CVE-2024-4082 · medium · 4.3 · Cross-Site Request Forgery (CSRF)

Joli FAQ SEO – WordPress FAQ Plugin <= 1.3.2 - Cross-Site Request Forgery

May 7, 2024 · Patched in 1.3.3 (3d)
Code Analysis
Analyzed Mar 16, 2026

Joli FAQ SEO – WordPress FAQ Plugin Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 2 (2 prepared)
Unescaped Output: 582 (498 escaped)
Nonce Checks: 29
Capability Checks: 6
File Operations: 2
External Requests: 4
Bundled Libraries: 1

Bundled Libraries

Freemius 1.0

SQL Query Safety

50% prepared · 4 total queries

Output Escaping

46% escaped · 1080 total outputs
Data Flows
1 unsanitized

Data Flow Analysis

3 flows · 1 with unsanitized paths
install_plugin_information (includes\fs\includes\fs-plugin-info-dialog.php:925)
[Data flow diagram. Legend: Source (user input), Sink (dangerous op), Sanitizer, Transform, Unsanitized, Sanitized]
Attack Surface
14 unprotected

Joli FAQ SEO – WordPress FAQ Plugin Attack Surface

Entry Points: 15
Unprotected: 14

AJAX Handlers: 15

  • auth wp_ajax_joli_faq_seo_handle_notice (core\Hooks.php:99)
  • auth wp_ajax_jfaq_admin_get_faq_preview (core\Hooks.php:126)
  • auth wp_ajax_jfaq_get_faqs (core\Hooks.php:131)
  • auth wp_ajax_jfaq_insert_faq (core\Hooks.php:132)
  • auth wp_ajax_jfaq_update_faq (core\Hooks.php:133)
  • auth wp_ajax_jfaq_delete_faq (core\Hooks.php:134)
  • auth wp_ajax_jfaq_check_gutenberg_faq (core\Hooks.php:135)
  • auth wp_ajax_jfaq_get_faq_groups (core\Hooks.php:137)
  • auth wp_ajax_jfaq_create_faq_group (core\Hooks.php:138)
  • auth wp_ajax_jfaq_update_faq_groups (core\Hooks.php:139)
  • auth wp_ajax_jfaq_delete_faq_group (core\Hooks.php:140)
  • auth wp_ajax_jfaq_update_category_faq_group (core\Hooks.php:141)
  • auth wp_ajax_jfaq_create_category_faq_group (core\Hooks.php:142)
  • auth wp_ajax_jfaq_delete_category_faq_group (core\Hooks.php:143)
  • auth wp_ajax_fs_toggle_debug_mode (includes\fs\includes\managers\class-fs-debug-manager.php:477)

WordPress Hooks: 46

  • action init (core\Application.php:33)
  • action admin_notices (core\Controllers\NoticesFreeController.php:41)
  • action admin_notices (core\Controllers\NoticesFreeController.php:47)
  • filter joli_faq_seo_faq_question (core\Engine\JoliFAQBuilder.php:112)
  • action init (core\Hooks.php:95)
  • action init (core\Hooks.php:98)
  • action init (core\Hooks.php:102)
  • action init (core\Hooks.php:103)
  • action init (core\Hooks.php:104)
  • action init (core\Hooks.php:107)
  • action admin_enqueue_scripts (core\Hooks.php:110)
  • action admin_menu (core\Hooks.php:111)
  • action admin_init (core\Hooks.php:112)
  • action admin_enqueue_scripts (core\Hooks.php:113)
  • action init (core\Hooks.php:151)
  • filter joli_faq_seo_faq_answer (core\Hooks.php:153)
  • filter connect_message (fs-helpers.php:24)
  • action after_uninstall (fs-helpers.php:36)
  • filter plugin_icon (fs-helpers.php:48)
  • action admin_footer (includes\fs\includes\class-fs-logger.php:111)
  • action wp_footer (includes\fs\includes\class-fs-logger.php:113)
  • filter plugins_api (includes\fs\includes\class-fs-plugin-updater.php:85)
  • action admin_head (includes\fs\includes\class-fs-plugin-updater.php:108)
  • action admin_footer (includes\fs\includes\class-fs-plugin-updater.php:110)
  • filter http_request_host_is_external (includes\fs\includes\class-fs-plugin-updater.php:114)
  • filter upgrader_post_install (includes\fs\includes\class-fs-plugin-updater.php:122)
  • filter upgrader_pre_install (includes\fs\includes\class-fs-plugin-updater.php:125)
  • filter upgrader_source_selection (includes\fs\includes\class-fs-plugin-updater.php:126)
  • filter wp_prepare_themes_for_js (includes\fs\includes\class-fs-plugin-updater.php:129)
  • action admin_footer (includes\fs\includes\class-fs-plugin-updater.php:179)
  • filter pre_set_site_transient_update_plugins (includes\fs\includes\class-fs-plugin-updater.php:294)
  • filter pre_set_site_transient_update_themes (includes\fs\includes\class-fs-plugin-updater.php:299)
  • filter upgrader_source_selection (includes\fs\includes\class-fs-plugin-updater.php:1388)
  • filter debug_bar_panels (includes\fs\includes\debug\debug-bar-start.php:51)
  • filter debug_bar_statuses (includes\fs\includes\debug\debug-bar-start.php:52)
  • action install_plugins_pre_plugin-information (includes\fs\includes\fs-plugin-info-dialog.php:66)
  • filter fs_plugins_api (includes\fs\includes\fs-plugin-info-dialog.php:69)
  • action admin_footer (includes\fs\includes\managers\class-fs-admin-notice-manager.php:217)
  • action network_admin_notices (includes\fs\includes\managers\class-fs-admin-notice-manager.php:396)
  • action admin_notices (includes\fs\includes\managers\class-fs-admin-notice-manager.php:397)
  • action admin_enqueue_scripts (includes\fs\includes\managers\class-fs-admin-notice-manager.php:400)
  • action admin_post_fs_clone_resolution (includes\fs\includes\managers\class-fs-clone-manager.php:145)
  • action admin_footer (includes\fs\includes\managers\class-fs-clone-manager.php:163)
  • action fs_debug_turn_off_logging_hook (includes\fs\includes\managers\class-fs-debug-manager.php:492)
  • action http_api_curl (includes\fs\includes\sdk\FreemiusWordPress.php:482)
  • action admin_footer (includes\fs\templates\account.php:93)

Scheduled Events 1

fs_debug_turn_off_logging_hook
Maintenance & Trust

Joli FAQ SEO – WordPress FAQ Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: Aug 11, 2025
PHP min version: 5.6
Downloads: 13K

Community Trust

Rating: 100/100
Number of ratings: 4
Active installs: 700
Developer Profile

Joli FAQ SEO – WordPress FAQ Plugin Developer Profile

WPJoli

4 plugins · 8K total installs

Trust score: 79
Avg Security Score: 100/100
Avg Patch Time: 194 days
Detection Fingerprints

How We Detect Joli FAQ SEO – WordPress FAQ Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

  • /wp-content/plugins/joli-faq-seo/assets/admin/css/joli-faq-seo-admin.css
  • /wp-content/plugins/joli-faq-seo/assets/admin/js/joli-faq-seo-admin.js
  • /wp-content/plugins/joli-faq-seo/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js
  • /wp-content/plugins/joli-faq-seo/assets/admin/js/joli-faq-seo-admin-notices.js

Script Paths

  • /wp-content/plugins/joli-faq-seo/assets/admin/js/joli-faq-seo-admin.js
  • /wp-content/plugins/joli-faq-seo/vendor/wp-color-picker-alpha/wp-color-picker-alpha.min.js
  • /wp-content/plugins/joli-faq-seo/assets/admin/js/joli-faq-seo-admin-notices.js

Version Parameters

  • joli-faq-seo/assets/admin/css/joli-faq-seo-admin.css?ver=
  • joli-faq-seo/assets/admin/js/joli-faq-seo-admin.js?ver=
  • joli-faq-seo/assets/admin/js/joli-faq-seo-admin-notices.js?ver=

HTML / DOM Fingerprints

CSS Classes: joli-faq-seo
Data Attributes: data-ajax-url
JS Globals: jfaqAdmin, jfaqAdminNotice