Lucene search
K

92 matches found

CVE
CVE
added 2022/06/06 8:51 a.m.2214 views

CVE-2022-1598

The CVE-2022-1598 entry concerns the WPQA Builder WordPress plugin (pre-5.5) with an improper access control in a REST API endpoint, enabling unauthenticated users to view private questions/messages between site users. Affected software: WPQA Builder WordPress plugin prior to version 5.5. Root ca...

5.3CVSS5.4AI score0.05076EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2022/06/06 8:51 a.m.103 views

CVE-2022-1597

The CVE-2022-1597 entry concerns the WordPress WPQA Builder plugin (pre-5.4), used with the Discy/Himer themes. Affected component is the reset-password form parameter, which is not properly sanitized/escaped, enabling Reflected Cross-Site Scripting. The vulnerability allows an attacker to execut...

6.1CVSS6.1AI score0.0291EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/06 8:51 a.m.32 views

CVE-2022-1597 WPQA < 5.4 - Reflected Cross-Site Scripting

The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks...

6.3AI score0.0291EPSS
Exploits2References1
GithubExploit
GithubExploit
added 2022/05/30 10:54 a.m.7 views

Exploit for Missing Authentication for Critical Function in 2Code Wpqa_Builder

CVE-2022-1598 WPQA 5.5 - Unauthenticated Private Message...

5.3CVSS6.6AI score0.05076EPSS
Exploits2
CNVD
CNVD
added 2022/05/18 12:0 a.m.21 views

WordPress WPQA plugin access control error vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, whic...

4.3CVSS2.7AI score0.00756EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2022/05/16 3:33 p.m.6 views

Exploit for Cross-site Scripting in 2Code Wpqa_Builder

CVE-2022-1597 The plugin, used as a companion for the Discy a...

6.1CVSS6.4AI score0.0291EPSS
Exploits2
NVD
NVD
added 2022/05/16 3:15 p.m.32 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS0.00618EPSS
Exploits1References1
NVD
NVD
added 2022/05/16 3:15 p.m.27 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS0.00756EPSS
Exploits1References1
OSV
OSV
added 2022/05/16 3:15 p.m.6 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS5.8AI score0.00618EPSS
Exploits1References1
OSV
OSV
added 2022/05/16 3:15 p.m.3 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS5.8AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.6 views

CVE-2022-1349

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4.3CVSS5.5AI score0.00618EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.8 views

CVE-2022-1425

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.3CVSS5.5AI score0.00756EPSS
Exploits1References2
OSV
OSV
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS5.8AI score0.01221EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/16 3:15 p.m.5 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS5.9AI score0.01221EPSS
Exploits2References2
NVD
NVD
added 2022/05/16 3:15 p.m.31 views

CVE-2022-1051

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

5.4CVSS0.01221EPSS
Exploits2References1
Prion
Prion
added 2022/05/16 3:15 p.m.19 views

Cross site scripting

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not sanitise and escape the city, phone or profile credentials fields when outputting it in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks...

3.5CVSS5.3AI score0.01221EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2022/05/16 3:15 p.m.18 views

Design/Logic Flaw

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the imageid parameter of the ajax action wpqaremoveimage belongs to the requesting user, allowing any users with privileges as low as Subscriber to...

4CVSS4.7AI score0.00618EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/05/16 3:15 p.m.23 views

Design/Logic Flaw

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4CVSS4.6AI score0.00756EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/05/16 2:31 p.m.82 views

CVE-2022-1425

The CVE concerns the WPQA Builder Plugin for WordPress (pre-5.2), used with the Discy and Himer plugins. The vulnerability arises because the wpqa_message_view AJAX action does not validate that the message_id belongs to the requesting user, enabling an IDOR disclosure where any authenticated use...

4.3CVSS4.5AI score0.00756EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/05/16 2:31 p.m.34 views

CVE-2022-1425 WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the messageid of the wpqamessageview ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Dire...

4.9AI score0.00756EPSS
Exploits1References1
Rows per page
Query Builder