CVE-2022-3343

CWE-639Insecure Direct Object Reference3 documents3 sources
Severity
3.5LOW
EPSS
0.3%
top 46.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Unknown DiscyUnknown HimerUnknown Wpqa Builder+1 more
Timeline
PublishedJan 9
Latest updateJan 10

Description

The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages4 packages

CVEListV5unknown/discy< 5.5.3
NVD2code/wpqa_builder< 5.9.3
CVEListV5unknown/wpqa_builder< 5.9.3
CVEListV5unknown/himer< 1.9.3

🔴Vulnerability Details

2
GHSA
GHSA-v24x-rp9v-pm6r: The WPQA Builder WordPress plugin before 52023-01-10
CVEList
WPQA < 5.9.3 - Missing validation lead to functionality abuse2023-01-09
CVE-2022-3343 (LOW CVSS 3.5) | The WPQA Builder WordPress plugin b | cvebase.io