WordPress Plugin Vulnerabilities

WPQA < 5.5 - Unauthenticated Private Message Disclosure

Description

The plugin which is a companion to the Discy and Himer themes, lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

Proof of Concept

Visit /wp-json/wp/v2/asked-question

or /wp-json/wp/v2/asked-question/<iD> (where ID is numeric and can be bruteforced!)

Affects Plugins

Plugin icon
wpqa
Fixed in 5.5

References

CVE
CVE-2022-1598

Classification

Type
ACCESS CONTROLS
OWASP top 10
A5: Broken Access Control
CWE
CWE-284
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Veshraj Ghimire
Submitter
Veshraj Ghimire
Submitter website
https://veshrajghimire.com.np
Submitter twitter
GhimireVeshraj
Verified
Yes
WPVDB ID
0416ae2f-5670-4080-a88d-3484bb19d8c8

Timeline

Publicly Published
2022-05-16 (about 2 years ago)
Added
2022-05-16 (about 2 years ago)
Last Updated
2022-05-17 (about 2 years ago)

Other

Published
Title
Published
2021-08-17
Title
PostX Gutenberg Blocks for Post Grid < 2.4.10 - Missing Access Controls
Published
2021-10-18
Title
QR Redirector < 1.6 - Subscriber+ Arbitrary QR Redirect Response Status Update
Published
2022-06-28
Title
Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
Published
2024-02-16
Title
WP Maintenance < 6.1.7 - Information Exposure
Published
2024-01-16
Title
User Profile Builder < 3.10.9 - Missing Authorization to Plugin Settings Change via wppb_two_factor_authentication_settings_update