Security Advisory

CVE-2022-2198

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-08-22 15:00:17

Last updated 2024-08-03 00:32:08

Assigner WPScan

State PUBLISHED

Description

The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.

← Browse all CVEs View on cve.org ↗