Vulnerabilities > 2Code > Wpqa Builder > 5.2
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-09 | CVE-2022-3343 | Unspecified vulnerability in 2Code Wpqa Builder 5.2/5.7/5.9 The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. | 3.5 |
| 2022-11-21 | CVE-2022-3688 | Unspecified vulnerability in 2Code Wpqa Builder 5.2/5.7 The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks | 8.8 |
| 2022-06-08 | CVE-2022-1597 | Cross-site Scripting vulnerability in 2Code Wpqa Builder 5.2 The WPQA Builder WordPress plugin before 5.4, used as a companion for the Discy and Himer , does not sanitise and escape a parameter on its reset password form which makes it possible to perform Reflected Cross-Site Scripting attacks | 4.3 |
| 2022-06-08 | CVE-2022-1598 | Missing Authentication for Critical Function vulnerability in 2Code Wpqa Builder 5.2 The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site. | 5.3 |