CVE-2022-1598

MEDIUM NUCLEI

2code Wpqa Builder < 5.4 - Missing Authentication

Title source: rule

Description

The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site.

Exploits (1)

nomisec WRITEUP 1 stars

by V35HR4J · poc

https://github.com/V35HR4J/CVE-2022-1598

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress WPQA <5.5 - Improper Access Control

MEDIUMVERIFIEDby veshraj

References (1)

[Exploit, Third Party Advisory] https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8

Scores

CVSS v3 5.3

EPSS 0.3157

EPSS Percentile 96.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-306

Status published

Products (1)

2code/wpqa_builder < 5.4

Published Jun 08, 2022

Tracked Since Feb 18, 2026