2 matches found
CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...
CVE-2022-1425
The CVE concerns the WPQA Builder Plugin for WordPress (pre-5.2), used with the Discy and Himer plugins. The vulnerability arises because the wpqa_message_view AJAX action does not validate that the message_id belongs to the requesting user, enabling an IDOR disclosure where any authenticated use...