Описание
The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.4 (исключая)
cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 96%
0.25754
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 5.3
github
больше 3 лет назад
The WPQA Builder WordPress plugin before 5.4 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.
EPSS
Процентиль: 96%
0.25754
Средний
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-306