WordPress · Wpqa Builder · CVE-2022-3343
**Name of the Vulnerable Software and Affected Versions**
WPQA Builder WordPress plugin versions prior to 5.9.3
**Description**
The issue arises from incorrect validation in the `wpqa following you ajax` action, allowing a user to inflate their score by receiving repeated follow actions from another user. This can be exploited by having another user send multiple follow requests.
**Recommendations**
For WPQA Builder WordPress plugin versions prior to 5.9.3, update to version 5.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wpqa following you ajax` action to minimize the risk of exploitation.