PT-2022-13994 · WordPress · Wpqa Builder
Veshraj Ghimire
·
Published
2022-06-06
·
Updated
2022-06-14
·
CVE-2022-1597
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
WPQA Builder WordPress plugin versions prior to 5.4
Description
The issue is related to a Reflected Cross-Site Scripting attack. It occurs because a parameter on the reset password form is not properly sanitised and escaped, allowing for malicious actions. This affects the WPQA Builder WordPress plugin, which is used as a companion for the Discy and Himer.
Recommendations
For versions prior to 5.4, update to version 5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the reset password form until a patch is applied. Avoid using the vulnerable parameter in the reset password form until the issue is resolved.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wpqa Builder