PT-2022-13878 · WordPress · Wpqa Builder Plugin

Veshraj Ghimire · Published 2022-05-16 · Updated 2022-05-24 · CVE-2022-1425

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: WPQA Builder Plugin versions prior to 5.2

Description: The issue allows any user to read messages for other users due to an Insecure Direct Object Reference (IDOR) vulnerability. This occurs because the plugin does not validate that the message id of the wpqa message view AJAX action belongs to the requesting user.

Recommendations: For versions prior to 5.2, update to version 5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the wpqa message view AJAX action to minimize the risk of exploitation.
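The following is an added illustration of the defect class the advisory describes and of the two defensive responses it recommends; it is not the WPQA Builder plugin's code and does not reproduce its real hook name, table layout or helpers. The action name `example_message_view`, the `example_messages` table with `sender_id`/`recipient_id` columns, and the `vulnerable_action_name` placeholder are all assumptions made for the example. It shows an AJAX handler that fetches a message by caller-supplied id alone (the IDOR shape), the same handler with a nonce check, login requirement and ownership enforced in the query (the fix), and a small mu-plugin-style hook that blocks the action until the plugin can be updated (the temporary workaround).

```php
<?php
// Added example (not the plugin's code). All names below are hypothetical.

// --- Vulnerable shape: trusts the caller-supplied message id -----------------
function example_message_view_vulnerable() {
    global $wpdb;
    $message_id = absint( $_POST['message_id'] ?? 0 );

    // Any logged-in user can read any message: the row is selected by id alone
    // and nothing ties it to the requesting user.
    $message = $wpdb->get_row(
        $wpdb->prepare( "SELECT * FROM {$wpdb->prefix}example_messages WHERE id = %d", $message_id )
    );

    wp_send_json_success( $message );
}

// --- Hardened shape: verify nonce, require login, enforce ownership ----------
function example_message_view_hardened() {
    global $wpdb;

    // CSRF protection: the nonce must have been issued to this user on the page
    // that sent the request.
    check_ajax_referer( 'example_message_view', 'nonce' );

    $user_id = get_current_user_id();
    if ( 0 === $user_id ) {
        wp_send_json_error( 'login required', 401 );
    }

    $message_id = absint( $_POST['message_id'] ?? 0 );

    // Ownership is enforced in the query itself: a row comes back only if the
    // requesting user is its sender or recipient, so an id belonging to another
    // user's message yields nothing.
    $message = $wpdb->get_row(
        $wpdb->prepare(
            "SELECT * FROM {$wpdb->prefix}example_messages
             WHERE id = %d AND ( sender_id = %d OR recipient_id = %d )",
            $message_id,
            $user_id,
            $user_id
        )
    );

    if ( null === $message ) {
        // Same response for "does not exist" and "not yours", so valid ids
        // cannot be distinguished from invalid ones.
        wp_send_json_error( 'not found', 404 );
    }

    wp_send_json_success( $message );
}

// Register for authenticated users only (no wp_ajax_nopriv_ hook) and point
// the action at the hardened handler.
add_action( 'wp_ajax_example_message_view', 'example_message_view_hardened' );

// --- Temporary workaround: refuse the vulnerable action until updated --------
// admin-ajax.php fires admin_init before dispatching the wp_ajax_{action} hook,
// so this runs ahead of the plugin's own handler. Replace the placeholder with
// the real action name of the affected hook.
add_action( 'admin_init', function () {
    if ( wp_doing_ajax()
        && isset( $_REQUEST['action'] )
        && 'vulnerable_action_name' === $_REQUEST['action'] ) {
        wp_send_json_error( 'action temporarily disabled', 403 );
    }
} );
```

The key difference between the two handlers is where the authorization decision lives: the hardened version never fetches a row it has not already bound to the current user, so there is no window in which an unowned record is loaded and then (possibly) filtered. The workaround hook is a blunt instrument that also disables the feature for legitimate users, which is why the advisory frames it as temporary pending the 5.2 update.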

Exploit

Fix

IDOR


Related Identifiers: CVE-2022-1425

Affected Products: Wpqa Builder Plugin