WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

WPQA < 5.5 - Unauthenticated Private Message Disclosure

Description

The plugin which is a companion to the Discy and Himer themes, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

Proof of Concept

Visit /wp-json/wp/v2/asked-question

or /wp-json/wp/v2/asked-question/<iD> (where ID is numeric and can be bruteforced!)

Affects Plugins

wpqa
Fixed in version 5.5

References

CVE
CVE-2022-1598

Classification

Type

ACCESS CONTROLS

OWASP top 10
A5: Broken Access Control
CWE
CWE-284

Miscellaneous

Original Researcher

Veshraj Ghimire

Submitter

Veshraj Ghimire

Submitter website
https://veshrajghimire.com.np
Submitter twitter
GhimireVeshraj
Verified

Yes

WPVDB ID
0416ae2f-5670-4080-a88d-3484bb19d8c8

Timeline

Publicly Published

2022-05-16 (about 1 years ago)

Added

2022-05-16 (about 1 years ago)

Last Updated

2022-05-17 (about 1 years ago)

Our Other Services

WPScan WordPress Security Plugin