MYFAQ Plugin Security & Risk Analysis

wordpress.org/plugins/myfaq

A simple and beauty WordPress FAQ Plugin : ) , please use [my_faq] shortcode!

10 active installs · v1.3.2 · PHP + · WP 3.0+ · Updated: Unknown
Tags: frequently-asked-questions, myfaq-plugin, wordpress, wordpress-faq, wordpress-plugin
Score: 100
Grade: A · Safe
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MYFAQ Plugin Safe to Use in 2026?

Generally Safe

Score 100/100

MYFAQ Plugin has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs
Risk Assessment

The "myfaq" plugin version 1.3.2 exhibits a concerning security posture primarily due to its unprotected entry points and the presence of a dangerous function without apparent sanitization. While the plugin utilizes prepared statements for its SQL queries and has no recorded vulnerability history, these positive aspects are overshadowed by critical security gaps. Specifically, the analysis reveals four AJAX handlers that lack authentication checks, exposing them to potential unauthorized actions if an attacker can trigger them. The presence of the `unserialize` function is a significant red flag, as it can lead to remote code execution if improperly handled with untrusted input. The limited output escaping (only 7% properly escaped) further exacerbates the risk, potentially allowing for cross-site scripting (XSS) vulnerabilities.

Despite the absence of known CVEs, the static analysis points to inherent weaknesses that could be exploited. The lack of nonce checks on AJAX handlers is a common oversight that can be leveraged for CSRF attacks. The clean vulnerability history is positive, but it does not negate the immediate risks identified in the code. Overall, while the developers have some good practices in place (such as prepared statements), there are significant oversights in handling user input and securing entry points, which create a high potential for vulnerabilities.

Key Concerns

  • AJAX handlers without auth checks
  • Unsanitized 'unserialize' function
  • Low percentage of output escaping
  • Missing nonce checks on AJAX
Vulnerabilities
None known

MYFAQ Plugin Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

MYFAQ Plugin Code Analysis

Dangerous Functions: 1
Raw SQL Queries: 0 (2 prepared)
Unescaped Output: 13 (1 escaped)
Nonce Checks: 0
Capability Checks: 1
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Dangerous Functions Found

unserialize · `$captcha_config = unserialize($_SESSION['_CAPTCHA']['config']);` · CONTENTS\PHP\simple-php-captcha.php:116

Bundled Libraries

TinyMCE

SQL Query Safety

100% prepared (2 total queries)

Output Escaping

7% escaped (14 total outputs)
Attack Surface
4 unprotected

MYFAQ Plugin Attack Surface

Entry Points: 5
Unprotected: 4

AJAX Handlers 4

auth · wp_ajax_submit_faq · CONTENTS\PHP\all.fns.php:449
nopriv · wp_ajax_submit_faq · CONTENTS\PHP\all.fns.php:450
auth · wp_ajax_reload_captcha_faq · CONTENTS\PHP\all.fns.php:520
nopriv · wp_ajax_reload_captcha_faq · CONTENTS\PHP\all.fns.php:521

Shortcodes 1

[my_faq] CONTENTS\PHP\all.fns.php:195
WordPress Hooks 16
action · init · CONTENTS\PHP\all.fns.php:7
action · admin_enqueue_scripts · CONTENTS\PHP\all.fns.php:51
action · wp_enqueue_scripts · CONTENTS\PHP\all.fns.php:52
action · init · CONTENTS\PHP\all.fns.php:62
action · init · CONTENTS\PHP\all.fns.php:85
action · admin_menu · CONTENTS\PHP\all.fns.php:197
filter · manage_my_faq_posts_columns · CONTENTS\PHP\all.fns.php:340
action · manage_my_faq_posts_custom_column · CONTENTS\PHP\all.fns.php:357
filter · manage_edit-my_faq_sortable_columns · CONTENTS\PHP\all.fns.php:368
action · save_post · CONTENTS\PHP\all.fns.php:403
action · admin_menu · CONTENTS\PHP\all.fns.php:418
action · wp_head · CONTENTS\PHP\all.fns.php:548
filter · mce_external_plugins · CONTENTS\PHP\all.fns.php:558
filter · mce_buttons · CONTENTS\PHP\all.fns.php:559
filter · the_content · CONTENTS\PHP\all.fns.php:582
filter · the_excerpt · CONTENTS\PHP\all.fns.php:583
Maintenance & Trust

MYFAQ Plugin Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.7.32
Last updated: Unknown
PHP min version
Downloads: 3K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

MYFAQ Plugin Developer Profile

Omid Shamloo

7 plugins · 8K total installs

Trust score: 73
Avg Security Score: 91/100
Avg Patch Time: 158 days
Detection Fingerprints

How We Detect MYFAQ Plugin

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/myfaq/CONTENTS/JS/admin.min.js
  • /wp-content/plugins/myfaq/CONTENTS/CSS/admin.min.css
  • /wp-content/plugins/myfaq/CONTENTS/JS/user.min.js
  • /wp-content/plugins/myfaq/CONTENTS/CSS/user.min.css
  • /wp-content/plugins/myfaq/CONTENTS/IMG/myfaq-icon-png.png
Script Paths
  • /wp-content/plugins/myfaq/CONTENTS/JS/admin.min.js
  • /wp-content/plugins/myfaq/CONTENTS/JS/user.min.js

HTML / DOM Fingerprints

CSS Classes
ltr, faq-sep, myfaq-error, myfaq-error2, myfaq-close-btn, myfaq-submit-button, myfaq-ask-question-btn, awaiting-mod (+4 more)
HTML Comments
  • DEBUG SWITCH KEY
  • Icon Path
  • Registering the scripts and style
Data Attributes
id="my_faq", class="ltr", class="faq-sep", class="myfaq-error myfaq-error2", class="myfaq-close-btn", id="myfaq-ask-question-btn" (+7 more)
JS Globals
window.jQuery, window.myfaq_admin_options
Shortcode Output
  • <div id="my_faq"
  • <h2>:: FAQ List ::</h2>
  • <hr class="faq-sep" />
  • <div id="myfaq-ask-question">
FAQ

Frequently Asked Questions about MYFAQ Plugin