mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-26 01:07:59 +02:00
0xMarcio
864 B
864 B
CVE-2022-2198
Description
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.