Vulnerabilities > CVE-2022-2198 - Unspecified vulnerability in 2Code Wpqa Builder 5.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |