Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 11:44 p.m.13 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS6.7AI score0.00609EPSS
Exploits1References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS5.8AI score0.00609EPSS
Exploits1References1
CVE
CVE
added 2022/08/22 3:0 p.m.47 views

CVE-2022-2198

CVE-2022-2198 affects the WPQA Builder WordPress plugin prior to 5.7. The issue is an authorization bug: any logged-in user can read another user’s private messages by guessing the message id, due to missing access checks. Impact is disclosure of private messages; the advisory does not quantify b...

4.3CVSS4.5AI score0.00609EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 3:0 p.m.32 views

CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.8AI score0.00609EPSS
Exploits1References1
Rows per page
Query Builder