| |
Podatność CVE-2022-2198
Publikacja: 2022-08-22
| Opis: |
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced. |
Typ:
CWE-639 (Authorization Bypass Through User-Controlled Key)
Referencje: |
https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English