Does Question answer have any unpatched vulnerabilities?

No. All known vulnerabilities in Question answer have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Question answer compatible with WordPress 4.9.29?

According to WordPress.org data, Question answer 1.2.3 has been tested up to WordPress 4.9.29. Check the plugin's changelog for the latest compatibility information.

How often is Question answer updated?

Question answer was last updated on Oct 13, 2018. Frequent updates are generally a positive security signal.

What is Question answer's security score?

Question answer has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Question answer Security & Risk Analysis

wordpress.org/plugins/question-answer-faq

Question-answer, ajax, bootstrap, gravatar avatar plugin with email notification and Google reCaptcha 2. It looks like a chat.

200 active installs v1.2.3 PHP + WP 3.0+ Updated Oct 13, 2018

answerfaqquestion

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Question answer Safe to Use in 2026?

Generally Safe

Score 85/100

Question answer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 7yr ago

Risk Assessment

The plugin "question-answer-faq" v1.2.3 demonstrates a generally good security posture with a zero count of known CVEs and no recorded past vulnerabilities. The static analysis indicates a strong adherence to several security best practices, including the presence of nonce and capability checks on entry points, and a high percentage of properly escaped output.

However, a significant concern lies within the SQL query handling. All four SQL queries are executed without the use of prepared statements, making the plugin susceptible to SQL injection vulnerabilities. While the taint analysis did not reveal any direct unsanitized paths, the lack of prepared statements is a fundamental weakness that could be exploited if user-supplied data indirectly reaches these queries. The attack surface, while protected by checks, is composed of several AJAX handlers, and the absence of prepared statements for database interactions introduces a substantial risk.

In conclusion, the plugin's strength lies in its clean vulnerability history and robust use of WordPress security features for entry point protection. Nevertheless, the unmitigated risk of SQL injection due to the absence of prepared statements represents a critical flaw that requires immediate attention. Addressing this, alongside a continued focus on secure coding practices for database interactions, would significantly improve its security.

Key Concerns

Raw SQL queries without prepared statements

Vulnerabilities

None known

Question answer Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Question answer Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

38 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

0% prepared4 total queries

Output Escaping

81% escaped47 total outputs

Attack Surface

Question answer Attack Surface

Entry Points7

Unprotected0

AJAX Handlers 5

authwp_ajax_mideal_faq_addincludes\frontend.php:190

noprivwp_ajax_mideal_faq_addincludes\frontend.php:191

authwp_ajax_mideal_faq_deleteincludes\frontend.php:262

authwp_ajax_mideal_faq_saveincludes\frontend.php:287

authwp_ajax_mideal_faq_publishincludes\frontend.php:319

Shortcodes 2

[mideal-faq] includes\frontend.php:18

[mideal-faq-form] includes\frontend.php:141

WordPress Hooks 11

actionadmin_initincludes\admin\admin.php:9

filtermanage_mideal_faq_posts_columnsincludes\admin\admin.php:38

actionmanage_mideal_faq_posts_custom_columnincludes\admin\admin.php:39

filtermanage_edit-mideal_faq_sortable_columnsincludes\admin\admin.php:61

actionadd_meta_boxesincludes\admin\admin.php:70

actionsave_postincludes\admin\admin.php:90

actioninitquestion-answer-faq.php:48

actionadmin_menuquestion-answer-faq.php:65

actionadmin_enqueue_scriptsquestion-answer-faq.php:87

actionwp_enqueue_scriptsquestion-answer-faq.php:92

actionplugins_loadedquestion-answer-faq.php:98

Maintenance & Trust

Question answer Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29

Last updatedOct 13, 2018

PHP min version

Downloads5K

Community Trust

Rating100/100

Number of ratings4

Active installs200

Alternatives

Question answer Alternatives

Happy WooCommerce FAQs – Ultimate Product FAQ Plugin

faq-for-woocommerce

WooCommerce Product FAQ Plugin and accordion plugin create FAQs with Google FAQ schema, AI Generator, Comment and customization support.

1K 3 CVEs

FAQ Block

faq-block

Very simple and clean Gutenberg Block for FAQ (Frequently Asked Questions).

500 No CVEs

WP Super FAQ

wp-super-faq

A lightweight FAQ/QNA plugin that includes an FAQ shortcode for your site. A simple jQuery animation is included to show/hide each question.

300 No CVEs

Simple FAQ

simple-faq

Simple FAQ gives you ability to create very simple FAQ on your site (questions and answers)

30 No CVEs

FAQ with categories

faq-with-categories

100

Easy to manage FAQ with categories, including accordion, filter, search and show more functionality.

20 No CVEs

Developer Profile

Question answer Developer Profile

mideal

1 plugin · 200 total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Question answer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/question-answer-faq/css/style.css/wp-content/plugins/question-answer-faq/css/small_size.css/wp-content/plugins/question-answer-faq/css/big_size.css/wp-content/plugins/question-answer-faq/css/bootstrap.css/wp-content/plugins/question-answer-faq/js/app.js/wp-content/plugins/question-answer-faq/css/admin.css/wp-content/plugins/question-answer-faq/assets/bootstrap-colorpicker-master/css/bootstrap-colorpicker.min.css

Script Paths

https://www.google.com/recaptcha/api.js

Version Parameters

question-answer-faq/css/style.css?ver=question-answer-faq/css/small_size.css?ver=question-answer-faq/css/big_size.css?ver=question-answer-faq/css/bootstrap.css?ver=question-answer-faq/js/app.js?ver=question-answer-faq/css/admin.css?ver=question-answer-faq/assets/bootstrap-colorpicker-master/css/bootstrap-colorpicker.min.css?ver=

HTML / DOM Fingerprints

CSS Classes

mideal-faq-settings-page

HTML Comments

Question answerCopyright 2018 mideal (email: midealf@gmail.com)This program is free software; you can redistribute it and/or modifyThis program is distributed in the hope that it will be useful,+6 more

Data Attributes

mideal_faq_setting_avatar_smallsizemideal_faq_setting_recaptchamideal_faq_setting_dont_connect_bootstrapmideal_faq_setting_answer_namemideal_faq_setting_answer_backgroundmideal_faq_setting_answer_color_text+4 more

JS Globals

midealfaqajaxmideal_faq_l10n

FAQ