CVE-2025-2166 — The CM FAQ – Simplify support with an intuitive FAQ management tool plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escapin — CVE Database · The Intelligence Room