[HIGH] phpMyFAQ has unauthenticated config backup download via /api/setup/backup

PKSA-w8m6-73n2-zbk6 CVE-2025-69200 GHSA-9cg9-4h4f-j6fg

Affected version: >=4.1.0-alpha,<=4.1.0-beta.2|<4.0.16

Reported by:
GitHub

[MEDIUM] phpMyFAQ has Stored XSS in user list via admin-managed display_name

PKSA-hj4y-1t5r-b8zy CVE-2025-68951 GHSA-jv8r-hv7q-p6vc

Affected version: >=4.0.14,<4.0.16

Reported by:
GitHub