Lucene search
K

92 matches found

CNNVD
CNNVD
added 2022/11/21 12:0 a.m.4 views

WordPress plugin WPQA Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS6.7AI score0.00477EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/11/21 12:0 a.m.8 views

CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.7AI score0.00477EPSS
Exploits1References1
CVE
CVE
added 2022/11/21 12:0 a.m.65 views

CVE-2022-3688

CVE-2022-3688 applies to the WPQA Builder WordPress plugin prior to version 5.9, where there is no CSRF check for follow/unfollow actions. The underlying issue permits CSRF attacks to cause logged-in users to perform such actions, with a CVSS 3.1 base score of 8.8 (HIGH) and impact on confidentia...

8.8CVSS8.8AI score0.00477EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/11/21 12:0 a.m.26 views

CVE-2022-3688 WPQA < 5.9 - Follow/Unfollow via CSRF

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks...

8.9AI score0.00477EPSS
Exploits1References1
Patchstack
Patchstack
added 2022/10/25 12:0 a.m.26 views

WordPress WPQA premium plugin < 5.9 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Bikram Kharal in WordPress WPQA premium plugin versions 5.9. Solution Update the WordPress WPQA - Builder forms Addon plugin to the latest available version at least 5.9...

8.8CVSS3.4AI score0.00477EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/08/22 3:15 p.m.2 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS5.8AI score0.00609EPSS
Exploits1References1
NVD
NVD
added 2022/08/22 3:15 p.m.27 views

CVE-2022-2198

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.3CVSS0.00609EPSS
Exploits1References1
Prion
Prion
added 2022/08/22 3:15 p.m.18 views

Authorization

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4CVSS4.6AI score0.00609EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/08/22 3:0 p.m.47 views

CVE-2022-2198

CVE-2022-2198 affects the WPQA Builder WordPress plugin prior to 5.7. The issue is an authorization bug: any logged-in user can read another user’s private messages by guessing the message id, due to missing access checks. Impact is disclosure of private messages; the advisory does not quantify b...

4.3CVSS4.5AI score0.00609EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 3:0 p.m.31 views

CVE-2022-2198 WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced...

4.8AI score0.00609EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.9 views

PT-2022-15204 · WordPress · Wpqa Builder

Name of the Vulnerable Software and Affected Versions: WPQA Builder WordPress plugin versions prior to 5.7 Description: The issue allows any logged-in user to read other users' private messages using the message id, which can easily be brute forced, due to a lack of authorization checks before...

4.3CVSS4.5AI score0.00609EPSS
Exploits1References5
CNVD
CNVD
added 2022/06/13 12:0 a.m.26 views

WordPress WPQA plugin cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. cross-site scripting vulnerability...

6.1CVSS2AI score0.0291EPSS
Exploits2References1
OSV
OSV
added 2022/06/08 10:15 a.m.4 views

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

6.1CVSS5.8AI score0.0291EPSS
Exploits2References1
NVD
NVD
added 2022/06/08 10:15 a.m.32 views

CVE-2022-1597

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

6.1CVSS0.0291EPSS
Exploits2References1
NVD
NVD
added 2022/06/08 10:15 a.m.43 views

CVE-2022-1598

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5.3CVSS0.05076EPSS
Exploits2References1
Prion
Prion
added 2022/06/08 10:15 a.m.20 views

Cross site scripting

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

4.3CVSS6.1AI score0.0291EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/06/08 10:15 a.m.27 views

Authentication flaw

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5CVSS5.4AI score0.05076EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.4 views

WordPress plugin WPQA Builder 访问控制错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. An access control error vulnerabili...

5.3CVSS5.9AI score0.05076EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/06/08 12:0 a.m.7 views

WordPress plugin WPQA 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress plugin is an application plugin. cross-site scripting vulnerability...

6.1CVSS5.7AI score0.0291EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/06/06 8:51 a.m.48 views

CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site...

5.7AI score0.05076EPSS
Exploits2References1
Rows per page
Query Builder