CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2025/05/22 10:16 p.m.•6 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS6.8AI score0.00204EPSS

RedhatCVE•added 2025/05/22 10:16 p.m.•3 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS6AI score0.10291EPSS

RedhatCVE•added 2025/05/22 10:13 p.m.•5 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS6.7AI score0.00186EPSS

Vulnrichment•added 2024/07/03 6:0 a.m.•13 views

CVE-2024-2376 WPQA < 6.1.1 - Arbitrary Category and Tag Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

6.8AI score0.00435EPSS

OSV•added 2022/05/16 3:15 p.m.•1 views

CVE-2022-1425

4.3CVSS5.8AI score

Exploits0References1

NVD•added 2022/05/16 3:15 p.m.•9 views

CVE-2022-1425

4.3CVSS0.00186EPSS

OSV•added 2022/05/16 3:15 p.m.•1 views

CVE-2022-1349

4.3CVSS5.8AI score0.00204EPSS

NVD•added 2022/05/16 3:15 p.m.•11 views

CVE-2022-1349

4.3CVSS0.00204EPSS

NVD•added 2022/05/16 3:15 p.m.•11 views

CVE-2022-1051

5.4CVSS0.10291EPSS

OSV•added 2022/05/16 3:15 p.m.•1 views

CVE-2022-1051

5.4CVSS5.8AI score0.10291EPSS

Prion•added 2022/05/16 3:15 p.m.•11 views

Design/Logic Flaw

4CVSS4.7AI score0.00204EPSS

Prion•added 2022/05/16 3:15 p.m.•14 views

Cross site scripting

3.5CVSS5.3AI score0.10291EPSS

Exploits2References1Affected Software1

Prion•added 2022/05/16 3:15 p.m.•17 views

Design/Logic Flaw

4CVSS4.6AI score0.00186EPSS

CVE•added 2022/05/16 2:31 p.m.•73 views

CVE-2022-1425

The CVE concerns the WPQA Builder Plugin for WordPress (pre-5.2), used with the Discy and Himer plugins. The vulnerability arises because the wpqa_message_view AJAX action does not validate that the message_id belongs to the requesting user, enabling an IDOR disclosure where any authenticated use...

4.3CVSS4.5AI score0.00186EPSS

CVE•added 2022/05/16 2:30 p.m.•71 views

CVE-2022-1349

The CVE-2022-1349 issue affects the WordPress WPQA Builder Plugin (prior to v5.2). The underlying flaw is that the image_id parameter in the wpqa_remove_image AJAX action is not validated against the requesting user, enabling an attacker with privileges as low as Subscriber to delete other users’...

4.3CVSS4.6AI score0.00204EPSS