Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
WPQA < 5.7 - Subscriber+ Private Message Disclosure via IDOR
Vulnerability Description
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.
CVSS Information
N/A
Vulnerability Type
通过用户控制密钥绕过授权机制
Vulnerability Title
WordPress plugin WPQA Builder 安全漏洞
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WPQA Builder 5.7之前版本存在安全漏洞,该漏洞源于在显示私人消息之前不会检查授权,允许任何登录用户使用消息 ID 阅读其他用户的私人消息,这很容易被暴力破解。
CVSS Information
N/A
Vulnerability Type
N/A