Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cnvdChina National Vulnerability DatabaseCNVD-2022-65207
HistoryMay 18, 2022 - 12:00 a.m.

WordPress WPQA plugin access control error vulnerability

2022-05-1800:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
wordpress
wpqa plugin
access control
vulnerability
php
ajax operation
authenticated attacker
message_id
wordpress foundation

EPSS

0.001

Percentile

24.8%

JSON

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, which stems from a failure to verify that the message_id of the wpqa_message_view ajax operation belongs to the requesting user. id belongs to the requesting user, and any authenticated attacker can use this vulnerability to read messages from other users.

Related

prion 1
cvelist 1
patchstack 1
cve 1
nvd 1
prion
prion
Design/Logic Flaw
2022-05-16 15:15:00
cvelist
cvelist
CVE-2022-1425 WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR
2022-05-16 14:31:01
patchstack
patchstack
WordPress WPQA - Builder forms Addon plugin < 5.2 - Private Message Disclosure via IDOR vulnerability
2022-04-21 00:00:00
cve
cve
CVE-2022-1425
2022-05-16 15:15:09
nvd
nvd
CVE-2022-1425
2022-05-16 15:15:09

EPSS

0.001

Percentile

24.8%

JSON
Related for CNVD-2022-65207
prion1cvelist1patchstack1cve1nvd1