cbcvebase.
CVE-2022-3343
published 2023-01-09

CVE-2022-3343: The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate…

PriorityP414low3.5CVSS 3.1
AVNACLPRLUIRSUCNILAN
EPSS
0.49%
38.3th percentile
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.

Affected

1 ranges
VendorProductVersion rangeFixed in
2codewpqa_builder< 5.9.35.9.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.