2 matches found
CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...
CVE-2022-1598
The CVE-2022-1598 entry concerns the WPQA Builder WordPress plugin (pre-5.5) with an improper access control in a REST API endpoint, enabling unauthenticated users to view private questions/messages between site users. Affected software: WPQA Builder WordPress plugin prior to version 5.5. Root ca...