Lucene search

[email protected]NVD:CVE-2022-3343

HistoryJan 09, 2023 - 11:15 p.m.

CVE-2022-3343

2023-01-0923:15:26

[email protected]

web.nvd.nist.gov

wpqa builder

discy

himer discy

wordpress themes

user validation

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.

Affected configurations

Nvd

Node

2codewpqa_builderRange<5.9.3wordpress

VendorProductVersionCPE
2codewpqa_builder*cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*

Vendor	Product	Version	CPE
2code	wpqa_builder	*	cpe:2.3:a:2code:wpqa_builder::::::wordpress::*

References

wpscan.com/vulnerability/e507b1b5-1a56-4b2f-b7e7-e22f6da1e32a

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

3.9

Confidence

High

EPSS

0.001

Percentile

25.4%

JSON

Related for NVD:CVE-2022-3343

prion1 cve1 wpvulndb1 cvelist1 wpexploit1