China National Vulnerability Database (cnvd): CNVD-2022-65206
May 18, 2022 - 12:00 a.m.

WordPress WPQAs plugin authorization issue vulnerability

www.cnvd.org.cn

EPSS: 0.001
Percentile: 24.8%

WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The WordPress plugin is an application plugin. WordPress WPQAs plugin versions prior to 5.2 are vulnerable to an authorization issue that stems from a failure to verify that the value of the image_id parameter passed to the wpqa_remove_image ajax operation belongs to the requesting user. An attacker could use this vulnerability to remove any other user's profile image.
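The missing control described above is an object-ownership check on image_id. The following is an added example of a handler that performs it, not the WPQAs plugin's code or its actual fix; the action name, nonce action and user meta key are hypothetical, and it assumes the profile image is stored as an attachment referenced from user meta.

```php
<?php
// Added example: hypothetical handler, not the WPQAs plugin's code.
// Assumed names: action "example_remove_image", nonce action
// "example_remove_image_nonce", user meta key "example_profile_image".

// wp_ajax_{action} only fires for logged-in users.
add_action( 'wp_ajax_example_remove_image', 'example_remove_image' );

function example_remove_image() {
    // Reject forged cross-site requests before touching any data.
    check_ajax_referer( 'example_remove_image_nonce', 'nonce' );

    $user_id  = get_current_user_id();
    $image_id = isset( $_POST['image_id'] ) ? absint( $_POST['image_id'] ) : 0;
    if ( ! $user_id || ! $image_id ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    $attachment = get_post( $image_id );
    if ( ! $attachment || 'attachment' !== $attachment->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // Ownership check: the id comes from the client, so it must be tied
    // to the requesting user on the server side. Two conditions here:
    // the requester uploaded the file, and it is their current profile image.
    $owns_file  = ( (int) $attachment->post_author === $user_id );
    $is_current = ( (int) get_user_meta( $user_id, 'example_profile_image', true ) === $image_id );
    if ( ! $owns_file || ! $is_current ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // Only the requester's own record and file are removed.
    delete_user_meta( $user_id, 'example_profile_image' );
    wp_delete_attachment( $image_id, true );
    wp_send_json_success();
}
```

Responses with status 403 from such a handler are worth logging, since repeated ownership failures from one account indicate enumeration of other users' image ids.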
