Lucene search
+L

66 matches found

CNNVD
CNNVD
added 2024/07/03 12:0 a.m.5 views

WordPress plugin WPQA Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request...

8.8CVSS6.7AI score0.00372EPSS
Exploits2References2
NVD
NVD
added 2023/01/09 11:15 p.m.33 views

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5CVSS3.9AI score0.00488EPSS
Exploits2References1
OSV
OSV
added 2023/01/09 11:15 p.m.3 views

CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5CVSS5.6AI score0.00488EPSS
Exploits2References1
Prion
Prion
added 2023/01/09 11:15 p.m.17 views

Design/Logic Flaw

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

3.5CVSS4.1AI score0.00488EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/01/09 10:13 p.m.70 views

CVE-2022-3343

The CVE-2022-3343 entry concerns the WPQA Builder WordPress plugin (pre-5.9.3) used with Discy/Himer themes. Affected component: wpqa_following_you_ajax action. Root cause: insufficient validation to verify if a user already follows another, enabling exploitation by having another user repeatedly...

3.5CVSS3.8AI score0.00488EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/01/09 10:13 p.m.40 views

CVE-2022-3343 WPQA < 5.9.3 - Missing validation lead to functionality abuse

The WPQA Builder WordPress plugin before 5.9.3 which is a companion plugin used with Discy and Himer Discy WordPress themes incorrectly tries to validate that a user already follows another in the wpqafollowingyouajax action, allowing a user to inflate their score on the site by having another us...

4.3AI score0.00488EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/01/09 12:0 a.m.4 views

WordPress Plugin WPQA Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

3.5CVSS5.1AI score0.00488EPSS
Exploits2References2
CNVD
CNVD
added 2022/11/23 12:0 a.m.51 views

WordPress WPQA Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.8AI score0.00477EPSS
Exploits1References1
OSV
OSV
added 2022/11/21 11:15 a.m.4 views

CVE-2022-3688

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.8CVSS5.8AI score0.00477EPSS
Exploits1References1
NVD
NVD
added 2022/11/21 11:15 a.m.25 views

CVE-2022-3688

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.8CVSS0.00477EPSS
Exploits1References1
Prion
Prion
added 2022/11/21 11:15 a.m.18 views

Cross site request forgery (csrf)

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

6.8CVSS8.6AI score0.00477EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2022/11/21 12:0 a.m.5 views

WordPress plugin WPQA Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.7AI score0.00477EPSS
Exploits1References2
CVE
CVE
added 2022/11/21 12:0 a.m.66 views

CVE-2022-3688

CVE-2022-3688 applies to the WPQA Builder WordPress plugin prior to version 5.9, where there is no CSRF check for follow/unfollow actions. The underlying issue permits CSRF attacks to cause logged-in users to perform such actions, with a CVSS 3.1 base score of 8.8 (HIGH) and impact on confidentia...

8.8CVSS8.8AI score0.00477EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/11/21 12:0 a.m.8 views

CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.7AI score0.00477EPSS
Exploits1References1
Cvelist
Cvelist
added 2022/11/21 12:0 a.m.28 views

CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.9AI score0.00477EPSS
Exploits1References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS5.8AI score0.00609EPSS
Exploits1References1
NVD
NVD
added 2022/08/22 3:15 p.m.28 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS0.00609EPSS
Exploits1References1
Prion
Prion
added 2022/08/22 3:15 p.m.18 views

Authorization

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4CVSS4.6AI score0.00609EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/08/22 3:0 p.m.50 views

CVE-2022-2198

CVE-2022-2198 affects the WPQA Builder WordPress plugin prior to 5.7. The issue is an authorization bug: any logged-in user can read another user’s private messages by guessing the message id, due to missing access checks. Impact is disclosure of private messages; the advisory does not quantify b...

4.3CVSS4.5AI score0.00609EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.9 views

PT-2022-15204 · WordPress · Wpqa Builder

Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 5.7 Description: The issue allows any logged-in user to read other users' private messages using the message id, which can easily be brute forced, due to a lack of authorization checks before...

4.3CVSS4.5AI score0.00609EPSS
Exploits1References5
Rows per page
Query Builder