Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistWPScanCVELIST:CVE-2022-1598
HistoryJun 06, 2022 - 8:51 a.m.

CVE-2022-1598 WPQA < 5.5 - Unauthenticated Private Message Disclosure

2022-06-0608:51:12
WPScan
www.cve.org
2
cve-2022-1598
wpqa
unauthenticated
private message
disclosure
rest api
endpoint
discy
himer
wordpress
plugin

EPSS

0.012

Percentile

85.0%

JSON

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "WPQA Builder",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "5.5"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Related

patchstack 1
prion 1
nuclei 1
cve 1
nvd 1
patchstack
patchstack
WordPress WPQA premium plugin <= 5.4 - Unauthenticated Private Message Disclosure vulnerability
2022-05-16 00:00:00
prion
prion
Authentication flaw
2022-06-08 10:15:00
nuclei
nuclei
WordPress WPQA <5.5 - Improper Access Control
2022-05-17 08:26:45
cve
cve
CVE-2022-1598
2022-06-08 10:15:09
nvd
nvd
CVE-2022-1598
2022-06-08 10:15:09

EPSS

0.012

Percentile

85.0%

JSON
Related for CVELIST:CVE-2022-1598
patchstack1prion1nuclei1cve1nvd1