CVSS: 6.3EPSS: 0%CPEs: 1EXPL: 3CVE-2024-2040 – Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
https://notcve.org/view.php?id=CVE-2024-2040
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack El tema Himer WordPress anterior a 2.1.1 no tiene comprobaciones CSRF en algunos lugares, lo que podría permitir a los atacantes hacer que los usuarios se unan a grupos privados mediante un ataque CSRF. The Himer theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.0. This is due to missing or incorrect nonce validation on the wpqa_join_group AJAX action. This makes it possible for unauthenticated attackers to join private groups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://github.com/AbdElRahmanEzzat1995/CVE-2024-20404 https://github.com/AbdElRahmanEzzat1995/CVE-2024-20405 https://wpscan.com/vulnerability/1b97bbf0-c7d1-4e6c-bb80-f9bf45fbfe1e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3343 – WPQA < 5.9.3 - Missing validation lead to functionality abuse
https://notcve.org/view.php?id=CVE-2022-3343
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. El complemento WPQA Builder de WordPress anterior a 5.9.3 (que es un complemento complementario utilizado con los temas de WordPress de Discy y Himer Discy) intenta validar incorrectamente que un usuario ya sigue a otro en la acción wpqa_following_you_ajax, lo que permite al usuario inflar su puntuación en el sitio hacer que otro usuario les envíe acciones de seguimiento repetidas. The WPQA - Builder forms Addon For WordPress plugin is vulnerable to insecure direct object reference in versions up to, and including, 5.9.2 along with the Himer (<= 1.9.3) and Discy (<= 5.5.3) WordPress themes. This is due to insufficient validation of user follows on the wpqa_following_you_ajax action. This makes it possible for authenticated attackers with subscriber-level capabilities and above to inflate follower counts of others by sending repeat follow requests. • https://wpscan.com/vulnerability/e507b1b5-1a56-4b2f-b7e7-e22f6da1e32a • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-3688 – WPQA < 5.9 - Follow/Unfollow via CSRF
https://notcve.org/view.php?id=CVE-2022-3688
The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks El complemento de WordPress WPQA Builder anterior a 5.9 no tiene verificación CSRF al seguir y dejar de seguir a los usuarios, lo que podría permitir a los atacantes hacer que los usuarios que han iniciado sesión realicen tales acciones a través de ataques CSRF. The WPQA plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, but not including, 5.9. This is due to missing or incorrect nonce validation on some of its functions. This makes it possible for unauthenticated attackers to invoke these functions leading users to follow or unfollow others, via forged request granted they can trick a site user into performing an action such as clicking on a link. • https://wpscan.com/vulnerability/03b2c6e6-b86e-4143-a84a-7a99060c4848 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-2198 – WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR
https://notcve.org/view.php?id=CVE-2022-2198
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced. El plugin WPQA Builder de WordPress versiones anteriores a 5.7, que es un plugin complementario de Hilmer y Discy, no comprueba la autorización antes de mostrar los mensajes privados, lo que permite a cualquier usuario conectado leer los mensajes privados de otros usuarios usando el identificador del mensaje, que puede ser fácilmente forzado. • https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-1323 – Discy < 5.0 - Subscriber+ Broken Access Control to change settings
https://notcve.org/view.php?id=CVE-2022-1323
The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discy_update_options action, allowing any logged in users (with privileges as low as Subscriber,) to change Theme options by sending a crafted POST request. El tema Discy de WordPress versiones anteriores a 5.0, carece de comprobaciones de autorización al procesar las peticiones ajax a la acción discy_update_options, lo que permite a cualquier usuario conectado (con privilegios tan bajos como el de suscriptor) cambiar las opciones del tema mediante el envío de una petición POST diseñada The "Discy - Social Questions and Answers WordPress Theme" theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the discy_update_options AJAX action in versions up to, and including, 4.9. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to modify the plugin's settings. • https://wpscan.com/vulnerability/2d8020e1-6489-4555-9956-2dc190aaa61b • CWE-862: Missing Authorization •