WordPress · Wpqa Builder Plugin · CVE-2022-1349
**Name of the Vulnerable Software and Affected Versions**
WPQA Builder Plugin versions prior to 5.2
**Description**
The issue allows any user with privileges as low as Subscriber to delete the profile pictures of other users due to a lack of validation for the `image_id` parameter in the `wpqa_remove_image` AJAX action.
**Recommendations**
For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the `wpqa_remove_image` AJAX action to prevent unauthorized deletion of profile pictures.
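
One way to apply the temporary workaround is a must-use plugin that checks ownership before the vulnerable handler runs. This is an added example, not code from WPQA Builder or from this advisory. It assumes the action and parameter are spelled with underscores (`wpqa_remove_image`, `image_id`), that the plugin's handler is registered at the default hook priority, and that a profile picture is an attachment whose `post_author` is the user who uploaded it; the function name and file name are hypothetical.

```php
<?php
/**
 * Added example (not WPQA Builder code): temporary guard for the
 * wpqa_remove_image AJAX action on sites that cannot yet update to 5.2.
 * Suggested location: wp-content/mu-plugins/guard-wpqa-remove-image.php
 */

// Priority 0 runs before the plugin's own handler, which is assumed to be
// hooked at the default priority (10) on the same action.
add_action( 'wp_ajax_wpqa_remove_image', 'example_guard_wpqa_remove_image', 0 );

function example_guard_wpqa_remove_image() {
    $user_id  = get_current_user_id();
    $image_id = isset( $_REQUEST['image_id'] )
        ? absint( wp_unslash( $_REQUEST['image_id'] ) )
        : 0;

    // Accounts that may already edit other users keep their access.
    if ( current_user_can( 'edit_users' ) ) {
        return;
    }

    $attachment = $image_id ? get_post( $image_id ) : null;

    // Reject anything that is not an existing media attachment.
    if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
        wp_send_json_error( array( 'message' => 'Invalid image.' ), 400 );
    }

    // Assumption: the uploader is recorded as the attachment's post_author.
    if ( (int) $attachment->post_author !== $user_id ) {
        // Leave a trace for later review of attempted cross-user deletions.
        error_log( sprintf(
            'wpqa_remove_image blocked: user %d requested attachment %d owned by user %d',
            $user_id,
            $image_id,
            (int) $attachment->post_author
        ) );
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // Ownership confirmed: return so the plugin's handler processes the request.
}
```

`wp_send_json_error()` ends the request, so the plugin's handler never runs for rejected calls. Remove the file once the site is on version 5.2 or later.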