5.3
CVE-2022-1598
- EPSS 5.59%
- Veröffentlicht 08.06.2022 10:15:09
- Zuletzt bearbeitet 21.11.2024 06:41:02
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginWPQA < 5.5 - Unauthenticated Private Message Disclosure
WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
Mögliche Gegenmaßnahme
WPQA - Builder forms Addon For WordPress: Update to version 5.5, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
2code ≫ Wpqa Builder SwPlatformwordpress Version < 5.4
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
WPQA - Builder forms Addon For WordPress
Version
*-5.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.59% | 0.919 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8
https://www.wordfence.com/threat-intel/vulnerabilities/id/048c37c2-0ace-4bf1-8cb8-554c4645be21