CVE-2022-3343

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.
Configurations

Configuration 1 (hide)

cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*

History

21 Nov 2024, 07:19

Type Values Removed Values Added
References () https://wpscan.com/vulnerability/e507b1b5-1a56-4b2f-b7e7-e22f6da1e32a - Exploit, Third Party Advisory () https://wpscan.com/vulnerability/e507b1b5-1a56-4b2f-b7e7-e22f6da1e32a - Exploit, Third Party Advisory
Summary
  • (es) El complemento WPQA Builder de WordPress anterior a 5.9.3 (que es un complemento complementario utilizado con los temas de WordPress de Discy y Himer Discy) intenta validar incorrectamente que un usuario ya sigue a otro en la acción wpqa_following_you_ajax, lo que permite al usuario inflar su puntuación en el sitio hacer que otro usuario les envíe acciones de seguimiento repetidas.

17 Mar 2023, 09:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-01-09 23:15

Updated : 2024-11-21 07:19


NVD link : CVE-2022-3343

Mitre link : CVE-2022-3343

CVE.ORG link : CVE-2022-3343


JSON object : View

Products Affected

2code

  • wpqa_builder
CWE

No CWE.