CVE-2022-1349 - Vulnerability Details - OpenCVE

The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
2code	Wpqa Builder

Configuration 1 [-]

cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa

History

No history.

MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2022-05-16T14:30:48

Updated: 2024-08-03T00:03:06.362Z

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-1349

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-05-16T15:15:09.257

Modified: 2024-11-21T06:40:32.803

Link: CVE-2022-1349

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "WPQA Builder Plugin", "vendor": "Unknown", "versions": [{"lessThan": "5.2", "status": "affected", "version": "5.2", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Binit Ghimire"}], "descriptions": [{"lang": "en", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-287", "description": "CWE-287 Improper Authentication", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-16T14:30:48", "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa"}], "source": {"discovery": "EXTERNAL"}, "title": "WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR", "x_generator": "WPScan CVE Generator", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "contact@wpscan.com", "ID": "CVE-2022-1349", "STATE": "PUBLIC", "TITLE": "WPQA < 5.2 - Subscriber+ Arbitrary Profile Picture Deletion via IDOR"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "WPQA Builder Plugin", "version": {"version_data": [{"version_affected": "<", "version_name": "5.2", "version_value": "5.2"}]}}]}, "vendor_name": "Unknown"}]}}, "credit": [{"lang": "eng", "value": "Binit Ghimire"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user."}]}, "generator": "WPScan CVE Generator", "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-287 Improper Authentication"}]}]}, "references": {"reference_data": [{"name": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa", "refsource": "MISC", "url": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T00:03:06.362Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa"}]}]}, "cveMetadata": {"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "assignerShortName": "WPScan", "cveId": "CVE-2022-1349", "datePublished": "2022-05-16T14:30:48", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T00:03:06.362Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "05BD60A8-F7D5-483D-A3E9-905A9CCADA13", "versionEndExcluding": "5.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer , does not validate that the value passed to the image_id parameter of the ajax action wpqa_remove_image belongs to the requesting user, allowing any users (with privileges as low as Subscriber) to delete the profile pictures of any other user."}, {"lang": "es", "value": "El plugin WPQA Builder de WordPress versiones anteriores a 5.2, usado como plugin complementario para el Discy y el Himer , no comprueba que el valor pasado al par\u00e1metro image_id de la acci\u00f3n ajax wpqa_remove_image pertenezca al usuario solicitante, permitiendo que cualquier usuario (con privilegios tan bajos como el de suscriptor) pueda eliminar las fotos de perfil de cualquier otro usuario"}], "id": "CVE-2022-1349", "lastModified": "2024-11-21T06:40:32.803", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-05-16T15:15:09.257", "references": [{"source": "contact@wpscan.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://wpscan.com/vulnerability/7ee95a53-5fe9-404c-a77a-d1218265e4aa"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "contact@wpscan.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}