Title: Vulnerability reported Last modified: April 12, 2025 --- # Vulnerability reported * [dalbert](https://wordpress.org/support/users/dalbert/) * (@dalbert) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/) * Solid Security recently started reporting the following vulnerability: WordPress Arconix FAQ plugin <= 1.9.5 – Reflected Cross Site Scripting (XSS) vulnerabilityI love this FAQ tool, but the vulnerability appears serious, are there plans to fix this? Viewing 6 replies - 1 through 6 (of 6 total) * [sussexaa](https://wordpress.org/support/users/sussexaa/) * (@sussexaa) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18422188) * Reported by Patchstack and Wordfence also. * [https://patchstack.com/database/wordpress/plugin/arconix-faq/vulnerability/wordpress-arconix-faq-plugin-1-9-5-reflected-cross-site-scripting-xss-vulnerability](https://patchstack.com/database/wordpress/plugin/arconix-faq/vulnerability/wordpress-arconix-faq-plugin-1-9-5-reflected-cross-site-scripting-xss-vulnerability) * [sussexaa](https://wordpress.org/support/users/sussexaa/) * (@sussexaa) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18432380) * Any estimate of when a fix will be available? * [acwporg](https://wordpress.org/support/users/acwporg/) * (@acwporg) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18441603) * time to delete I think.. It was reported back in November and they’ve done nothing.. And not even a courtesy to reply here.. * [sussexaa](https://wordpress.org/support/users/sussexaa/) * (@sussexaa) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18441612) * Yesterday I got an email reply to the ticket I submitted on their support site. * > I am David from Tyche Softwares, the authors of the Arconix FAQ plugin, which > Wordfence and Patchstack marked as vulnerable to XSS attacks. This issue was > brought to our attention last week, and we have already started taking effective > steps to patch the security issue. > We will roll out an update as soon as this is fixed and rigorously tested to > ensure that it doesn’t break anything else. > We also apologize for the panic and trouble this must have caused on your end. * [https://tychesoftwares.freshdesk.com/support/tickets/64854](https://tychesoftwares.freshdesk.com/support/tickets/64854) * [acwporg](https://wordpress.org/support/users/acwporg/) * (@acwporg) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18441620) * And yet it was logged here 16 days ago and they didn’t know and surely the researcher that found it in November told them too… * Thread Starter [dalbert](https://wordpress.org/support/users/dalbert/) * (@dalbert) * [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18441862) * Thank you for sharing the update [@sussexaa](https://wordpress.org/support/users/sussexaa/) That’s good news! I guess, for their future, reporting on their support site is the right strategy. Viewing 6 replies - 1 through 6 (of 6 total) The topic ‘Vulnerability reported’ is closed to new replies. * ![](https://ps.w.org/arconix-faq/assets/icon-256x256.jpg?rev=3050529) * [Arconix FAQ](https://wordpress.org/plugins/arconix-faq/) * [Frequently Asked Questions](https://wordpress.org/plugins/arconix-faq/#faq) * [Support Threads](https://wordpress.org/support/plugin/arconix-faq/) * [Active Topics](https://wordpress.org/support/plugin/arconix-faq/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/arconix-faq/unresolved/) * [Reviews](https://wordpress.org/support/plugin/arconix-faq/reviews/) * 7 replies * 3 participants * Last reply from: [dalbert](https://wordpress.org/support/users/dalbert/) * Last activity: [1 year, 1 month ago](https://wordpress.org/support/topic/vulnerability-reported-2/#post-18441862) * Status: not resolved