WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plug-in. An access control error vulnerability exists in versions of WordPress WPQA plugin prior to 5.2, which stems from a failure to verify that the message_id of the wpqa_message_view ajax operation belongs to the requesting user. id belongs to the requesting user, and any authenticated attacker can use this vulnerability to read messages from other users.