CVE-2024-2375

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

EUVD-2022-42730

Malicious code in bioql PyPI...

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

CVE-2022-1598

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

CVE-2024-2375

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-2376

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-2375

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-2376

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-2376 WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-2376 WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVE-2024-2375 WPQA < 6.1.1 - Contributor+ Stored XSS

The WPQA Builder WordPress plugin before 6.1.1 does not sanitise and escape some of its Slider settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks...

CVE-2024-2375

The CVE covers the WordPress plugin WPQA Builder (Builder forms Addon) prior to version 6.1.1. The issue arises from insufficient sanitisation/escaping of some Slider settings, enabling Stored XSS when exploited by high-privilege users (e.g., contributors). Affected versions are before 6.1.1; rem...

CVE-2024-2376

The CVE-2024-2376 issue affects the WordPress WPQA Builder plugin prior to version 6.1.1, where CSRF checks are missing in some areas. This allows authenticated attackers to trigger actions on behalf of logged-in users (e.g., Arbitrary Category and Tag Follow/Unfollow), as documented by multiple ...

WordPress plugin WPQA Builder cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A cross-site...

WordPress WPQA - Builder forms Addon Plugin < 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software WPQA - Builder forms Addon Type Plugin Vulnerable versions 6.1.1 Fixed in 6.1.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2375 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID b62f23b8b86a Credits Bob Matyas...

PT-2024-20062 · WordPress · Wpqa Builder

Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 6.1.1 Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks. Recommendations:...