CVE-2022-1425 - OpenCVE

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
2code	Wpqa Builder

Configuration 1 [-]

cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*

References

Link	Resource
https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-16T14:31:01

Updated: 2022-05-16T14:31:01

Reserved: 2022-04-21T00:00:00

Link: CVE-2022-1425

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-16T15:15:09.663

Modified: 2022-05-24T15:47:22.607

Link: CVE-2022-1425

JSON object: View

Redhat Information

No data.

CWE

CWE-639

{"containers": {"cna": {"affected": [{"product": "WPQA Builder Plugin", "vendor": "Unknown", "versions": [{"lessThan": "5.2", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Veshraj Ghimire"}], "descriptions": [{"lang": "en", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-16T14:31:01", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467"}], "source": {"discovery": "EXTERNAL"}, "title": "WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1425", "STATE": "PUBLIC", "TITLE": "WPQA < 5.2 - Subscriber+ Private Message Disclosure via IDOR"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WPQA Builder Plugin", "version": {"version_data": [{"version_affected": "<", "version_name": "5.2", "version_value": "5.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Veshraj Ghimire"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467"}]}, "source": {"discovery": "EXTERNAL"}}}}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1425", "datePublished": "2022-05-16T14:31:01", "dateReserved": "2022-04-21T00:00:00", "dateUpdated": "2022-05-16T14:31:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "05BD60A8-F7D5-483D-A3E9-905A9CCADA13", "versionEndExcluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via a Insecure Direct Object Reference (IDOR) vulnerability."}, {"lang": "es", "value": "El plugin WPQA Builder de WordPress versiones anteriores a 5.2, usado como plugin complementario de Discy y Himer , no comprueba que el message_id de la acci\u00f3n ajax wpqa_message_view pertenezca al usuario solicitante, lo que conlleva a que cualquier usuario pueda leer los mensajes de cualquier otro usuario por medio de una vulnerabilidad de tipo Insecure Direct Object Reference (IDOR)"}], "id": "CVE-2022-1425", "lastModified": "2022-05-24T15:47:22.607", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-16T15:15:09.663", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/b110e2f7-4aa3-47b5-a8f2-0a7fe53cc467"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "contact@wpscan.com", "type": "Primary"}]}