CVE-2022-1598 – WPQA < 5.5 - Unauthenticated Private Message Disclosure
https://notcve.org/view.php?id=CVE-2022-1598
The WPQA Builder WordPress plugin before 5.5, which is a companion to the Discy and Himer themes, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
The WPQA Builder WordPress plugin before 5.4, which is a companion to the Discy and Himer themes, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
• https://github.com/V35HR4J/CVE-2022-1598
• https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8
• CWE-284: Improper Access Control
• CWE-306: Missing Authentication for Critical Function
CVE-2022-1597 – WPQA < 5.4 - Reflected Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2022-1597
The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer themes, does not sanitise and escape a parameter on its reset password form, which makes it possible to perform Reflected Cross-Site Scripting attacks.
• https://github.com/V35HR4J/CVE-2022-1597
• https://wpscan.com/vulnerability/faff9484-9fc7-4300-bdad-9cd8a30a9a4e
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1349 – WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR
https://notcve.org/view.php?id=CVE-2022-1349
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer themes, does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any user (with privileges as low as Subscriber) to delete the profile picture of any other user.
• https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa
• CWE-287: Improper Authentication
• CWE-639: Authorization Bypass Through User-Controlled Key
CVE-2022-1051 – WPQA < 5.2 - Subscriber+ Stored Cross-Site Scripting via Profile fields
https://notcve.org/view.php?id=CVE-2022-1051
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer themes, does not sanitise and escape the city, phone or profile credentials fields when outputting them in the profile page, allowing any authenticated user to perform Cross-Site Scripting attacks.
• https://github.com/V35HR4J/CVE-2022-1051
• https://wpscan.com/vulnerability/cb2fa587-da2f-460e-a402-225df7744765
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-1425 – WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR
https://notcve.org/view.php?id=CVE-2022-1425
The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer themes, does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read the messages of any other user via an Insecure Direct Object Reference (IDOR) vulnerability.
• https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467
• CWE-639: Authorization Bypass Through User-Controlled Key