CVE-2026-24591
WordPress Turn Yoast SEO FAQ Block to Accordion plugin <= 1.0.6 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yasir129 Turn Yoast SEO FAQ Block to Accordion faq-schema-block-to-accordion allows Stored XSS.This issue affects Turn Yoast SEO FAQ Block to Accordion: from n/a through <= 1.0.6.
We have discovered 946 live websites that are affected by CVE-2026-24591.
Affected Software
| Product |  Faq Schema Block To Accordion |
| Category | Wordpress Plugins |
| Vulnerable Domains | 946 live websites (100% of Faq Schema Block To Accordion install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 2 versions ( 100% of all versions) |
Details
- Published - Jan 23, 2026
- Updated - Jan 23, 2026
Credits
- Nabil Irawan | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-24591 United States | 532 websites |
 Germany | 61 websites |
 Netherlands | 53 websites |
 Romania | 51 websites |
 GB | 40 websites |
 France | 32 websites |
 Poland | 20 websites |
 Cyprus | 18 websites |
 Russia | 15 websites |
 Canada | 11 websites |
Website Distribution by TLD
Number of websites using CVE-2026-24591| .com | 555 websites |
| .nl | 36 websites |
| .de | 30 websites |
| .org | 25 websites |
| .co.uk | 25 websites |
| .net | 25 websites |
| .fr | 20 websites |
| .info | 17 websites |
| .pl | 15 websites |
| .ru | 14 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-24591
Top websites that are affected by CVE-2026-24591. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ********.com | United States | *,*** | |
| ***.com | Germany | *,*** | |
| *********.com | United States | **,*** | |
| **************.com | United States | **,*** | |
| ****.org | United States | **,*** | |
| **********.com | United States | **,*** | |
| ********.com |  Finland | **,*** | |
| *******************.org | United States | **,*** | |
| *********.net | United States | **,*** | |
| ***********.com | United States | **,*** |
FAQ
A total of 946 websites have been identified as vulnerable to CVE-2026-24591, based on global website indexing conducted by WebTechSurvey.
The Faq Schema Block To Accordion is affected by the CVE-2026-24591 vulnerability.
Faq Schema Block To Accordion versions up to and including 1.0.6 are vulnerable to CVE-2026-24591.