CVE-2022-1425

CVE-2022-1425: WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR

Vendor Unknown
Product WPQA Builder Plugin
Weakness CWE-639 · IDOR
Published May 16, 2022
Last update August 3, 2024

CVSS base score

What the vulnerability does

01Description

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability.

Key dates

02Disclosure timeline

May 16, 2022 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE