Описание
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.
Ссылки
- ExploitThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 5.9.3 (исключая)
cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
EPSS
Процентиль: 43%
0.00206
Низкий
3.5 Low
CVSS3
Дефекты
Связанные уязвимости
CVSS3: 3.5
github
около 3 лет назад
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.
EPSS
Процентиль: 43%
0.00206
Низкий
3.5 Low
CVSS3