CVE-2022-3343
published 2023-01-09CVE-2022-3343: The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate…
PriorityP414low3.5CVSS 3.1
AVNACLPRLUIRSUCNILAN
EPSS
0.49%
38.3th percentile
The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer Discy WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| 2code | wpqa_builder | < 5.9.3 | 5.9.3 |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2023-01-09
Published