Vulnerabilities > CVE-2022-2198 - Authorization Bypass Through User-Controlled Key vulnerability in 2Code Wpqa Builder 5.2

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

2code

CWE-639

NVD

Published: 2022-08-22

Updated: 2022-08-25

Summary

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.

Vulnerable Configurations

Part	Description	Count
Application	2Code 2Code Wpqa Builder - 2Code Wpqa Builder 5.2	2

Common Weakness Enumeration (CWE)

CWE-639 - Authorization Bypass Through User-Controlled Key

References

https://wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bd