Lucene search
+L

66 matches found

Prion
Prion
added 2022/05/16 3:15 p.m.20 views

Cross site scripting

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.01248EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/05/16 3:15 p.m.24 views

Design/Logic Flaw

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4CVSS4.6AI score0.00772EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/16 3:15 p.m.20 views

Design/Logic Flaw

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4CVSS4.7AI score0.00632EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/16 2:31 p.m.83 views

CVE-2022-1425

The CVE concerns the WPQA Builder Plugin for WordPress (pre-5.2), used with the Discy and Himer plugins. The vulnerability arises because the wpqa_message_view AJAX action does not validate that the message_id belongs to the requesting user, enabling an IDOR disclosure where any authenticated use...

4.3CVSS4.5AI score0.00772EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/16 2:30 p.m.87 views

CVE-2022-1349

The CVE-2022-1349 issue affects the WordPress WPQA Builder Plugin (prior to v5.2). The underlying flaw is that the image_id parameter in the wpqa_remove_image AJAX action is not validated against the requesting user, enabling an attacker with privileges as low as Subscriber to delete other users’...

4.3CVSS4.6AI score0.00632EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/16 2:30 p.m.93 views

CVE-2022-1051

The CVE-2022-1051 issue affects the WPQA Builder plugin for WordPress (versions before 5.2), used as a companion plugin for the Discy and Himer themes. The vulnerability stems from insufficient sanitization/escaping of city, phone, or profile credential fields when rendering the profile page, ena...

5.4CVSS5.3AI score0.01248EPSS
Exploits2References1Affected Software1
Rows per page
Query Builder