4 matches found

RedhatCVE
added 2025/05/22 10:16 p.m., 8 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

CVSS 4.3 | AI score 6.8 | EPSS 0.00618
Exploits: 1 | References: 1
OSV
added 2022/05/16 3:15 p.m., 5 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

CVSS 4.3 | AI score 5.8 | EPSS 0.00618
Exploits: 1 | References: 1
Cvelist
added 2022/05/16 2:30 p.m., 35 views

CVE-2022-1349 WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

AI score 5 | EPSS 0.00618
Exploits: 1 | References: 1
CVE
added 2022/05/16 2:30 p.m., 82 views

CVE-2022-1349

The CVE-2022-1349 issue affects the WordPress WPQA Builder Plugin (prior to v5.2). The underlying flaw is that the image_id parameter in the wpqa_remove_image AJAX action is not validated against the requesting user, enabling an attacker with privileges as low as Subscriber to delete other users’...

CVSS 4.3 | AI score 4.6 | EPSS 0.00618
Exploits: 1 | References: 1 | Affected Software: 1