| |
Vulnerability CVE-2022-2198
Published: 2022-08-22
| Description: |
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced. |
Type:
CWE-639 (Authorization Bypass Through User-Controlled Key)
References: |
https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd
|
|
|
Copyright 2026, cxsecurity.com
|
|
|
