PT-2022-13995 · WordPress · Wpqa Builder
Veshraj Ghimire · Published 2022-06-06 · Updated 2023-07-04 · CVE-2022-1598
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
WPQA Builder WordPress plugin versions prior to 5.5
Description
A REST API endpoint lacks authentication, allowing unauthenticated users to discover private questions sent between users on the site. This affects the WPQA Builder WordPress plugin, which is a companion to Discy and Himer.
Recommendations
Update the WPQA Builder WordPress plugin to version 5.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the REST API endpoint to minimize the risk of exploitation.
Exploit · Fix · Missing Authentication
Affected Products
Wpqa Builder