{"containers":{"cna":{"providerMetadata":{"orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan","dateUpdated":"2023-07-04T08:25:56.932Z"},"title":"WPQA < 5.5 - Unauthenticated Private Message Disclosure","problemTypes":[{"descriptions":[{"description":"CWE-306 Missing Authentication for Critical Function","lang":"en","type":"CWE"}]}],"affected":[{"vendor":"Unknown","product":"WPQA Builder","versions":[{"status":"affected","versionType":"custom","version":"0","lessThan":"5.5"}],"defaultStatus":"unaffected"}],"descriptions":[{"lang":"en","value":"The WPQA Builder WordPress plugin before 5.5 which is a companion to the Discy and Himer , lacks authentication in a REST API endpoint, allowing unauthenticated users to discover private questions sent between users on the site."}],"references":[{"url":"https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8","tags":["exploit","vdb-entry","technical-description"]}],"credits":[{"lang":"en","value":"Veshraj Ghimire","type":"finder"},{"lang":"en","value":"WPScan","type":"coordinator"}],"source":{"discovery":"EXTERNAL"},"x_generator":{"engine":"WPScan CVE Generator"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T00:10:03.660Z"},"title":"CVE Program Container","references":[{"url":"https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8","tags":["exploit","vdb-entry","technical-description","x_transferred"]}]}]},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2022-1598","datePublished":"2022-06-06T08:51:12.000Z","dateReserved":"2022-05-05T00:00:00.000Z","dateUpdated":"2024-08-03T00:10:03.660Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}