66 matches found
WordPress plugin WPQA Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...
CVE-2022-3343
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
CVE-2022-3343
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
Design/Logic Flaw
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
CVE-2022-3343
The CVE-2022-3343 entry concerns the WPQA Builder WordPress plugin (pre-5.9.3) used with Discy/Himer themes. Affected component: wpqa_following_you_ajax action. Root cause: insufficient validation to verify if a user already follows another, enabling exploitation by having another user repeatedly...
CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse
The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...
WordPress Plugin WPQA Builder 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress WPQA Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-3688
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...
CVE-2022-3688
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...
Cross site request forgery (csrf)
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...
WordPress plugin WPQA Builder 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
CVE-2022-3688
CVE-2022-3688 applies to the WPQA Builder WordPress plugin prior to version 5.9, where there is no CSRF check for follow/unfollow actions. The underlying issue permits CSRF attacks to cause logged-in users to perform such actions, with a CVSS 3.1 base score of 8.8 (HIGH) and impact on confidentia...
CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...
CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...
CVE-2022-2198
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...
CVE-2022-2198
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...
Authorization
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...
CVE-2022-2198
CVE-2022-2198 affects the WPQA Builder WordPress plugin prior to 5.7. The issue is an authorization bug: any logged-in user can read another user’s private messages by guessing the message id, due to missing access checks. Impact is disclosure of private messages; the advisory does not quantify b...
PT-2022-15204 · WordPress · Wpqa Builder
Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 5.7 Description: The issue allows any logged-in user to read other users' private messages using the message id, which can easily be brute forced, due to a lack of authorization checks before...