Lucene search

[email protected]NVD:CVE-2022-3343

HistoryJan 09, 2023 - 11:15 p.m.

CVE-2022-3343

2023-01-0923:15:26

[email protected]

web.nvd.nist.gov

wpqa builder

discy

himer discy

wordpress themes

user validation

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.

Affected configurations

NVD

Node

2codewpqa_builderRange<5.9.3wordpress

References

wpscan.com/vulnerability/e507b1b5-1a56-4b2f-b7e7-e22f6da1e32a

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for NVD:CVE-2022-3343

prion1 cvelist1 wpexploit1 wpvulndb1 cve1