WordPress Plugin Vulnerabilities

Comments - wpDiscuz 7.4.2 - Subscriber+ IDOR

Description

The plugin is affected by an unspecified IDOR exploitable by any authenticated users, such as subscriber

Affects Plugins

Plugin icon
wpdiscuz
Fixed in 7.5

References

CVE
CVE-2022-43492

Classification

Type
IDOR
OWASP top 10
A5: Broken Access Control
CWE
CWE-639
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Dhakal Ananda
Verified
No
WPVDB ID
377d2e2d-9a6b-46d7-8be7-dd9fde5d351b

Timeline

Publicly Published
2022-10-28 (about 3 years ago)
Added
2022-11-21 (about 3 years ago)
Last Updated
2022-11-21 (about 3 years ago)

Other

Published
Title
Published
2023-12-27
Title
WooCommerce Stripe Payment Gateway < 7.6.2 - Unauthenticated Order Deletion via IDOR
Published
2026-01-06
Title
User Activity Log <= 2.2 - Unauthenticated Limited Arbitrary Option Update
Published
2025-10-17
Title
Image optimization service by Optimole < 4.1.1 - Insecure Direct Object Reference to Authenticated (Author+) Media Offload
Published
2025-02-23
Title
Amelia < 1.2.17 - Unauthenticated Insecure Direct Object Reference
Published
2025-01-10
Title
RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure