CVE-2022-3688

Published: Nov 21, 2022Modified: Apr 29, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The WPQA Builder WordPress plugin before 5.9 does not have CSRF check when following and unfollowing users, which could allow attackers to make logged in users perform such actions via CSRF attacks

Affected (1)

Products: 2code: Wpqa Builder

2code

1 product

Wpqa Builder

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
2code Wpqa Builder	Before 5.9

References (2)

https://wpscan.com/vulnerability/03b2c6e6-b86e-4143-a84a-7a99060c4848

Source: contact@wpscan.com

ExploitThird Party Advisory

https://wpscan.com/vulnerability/03b2c6e6-b86e-4143-a84a-7a99060c4848

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.