Medium severity4.3NVD Advisory· Published Aug 22, 2022· Updated Jun 17, 2026
CVE-2022-2198
CVE-2022-2198
Description
The WPQA Builder WordPress plugin before 5.7 which is a companion plugin to the Hilmer and Discy , does not check authorization before displaying private messages, allowing any logged in user to read other users private message using the message id, which can easily be brute forced.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <5.7
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/867248f2-d497-4ea8-b3f8-0f2e8aaaa2bdnvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.