🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

WPQA - Builder forms Addon For WordPress

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > WPQA - Builder forms Addon For WordPress

Information

Software Type	Plugin
Software Slug	wpqa
Software Status	Active
Software Author	2code
Software Website	2code.info

8 Vulnerabilities

WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference

4.3

CVE-2022-3343

Dec 13, 2022

Researcher: Harsh Tandel

WPQA < 5.9 - Cross-Site Request Forgery

8.8

CVE-2022-3688

Oct 25, 2022

Researcher: Bikram kharal

WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure

6.5

CVE-2022-2198

Aug 1, 2022

Researcher: Bikram kharal

WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure

5.3

CVE-2022-1598

May 10, 2022

Researcher: Veshraj Ghimire

WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting

6.1

CVE-2022-1597

May 10, 2022

Researcher: Veshraj Ghimire

WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields

5.4

CVE-2022-1051

Apr 21, 2022

Researcher: Veshraj Ghimire

WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure

5.3

CVE-2022-1425

Apr 21, 2022

Researcher: Veshraj Ghimire

WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion

6.4

CVE-2022-1349

Apr 21, 2022

Researcher: Binit Ghimire

Title	Status	CVE ID	CVSS	Researchers	Date
WPQA - Builder forms Addon For WordPress (<= 5.9.2), Himer (<= 1.9.3) and Discy (<= 5.5.3) - Authenticated (Subscriber+) Insecure Direct Object Reference	Patched	CVE-2022-3343	4.3	Harsh Tandel	December 13, 2022
WPQA < 5.9 - Cross-Site Request Forgery	Patched	CVE-2022-3688	8.8	Bikram kharal	October 25, 2022
WPQA - Builder forms Addon For WordPress < 5.7 - Information Disclosure	Patched	CVE-2022-2198	6.5	Bikram kharal	August 1, 2022
WPQA - Builder forms Addon For WordPress <= 5.4 - Unauthenticated Private Message Disclosure	Patched	CVE-2022-1598	5.3	Veshraj Ghimire	May 10, 2022
WPQA - Builder forms Addon For WordPress <= 5.3 - Reflected Cross-Site Scripting	Patched	CVE-2022-1597	6.1	Veshraj Ghimire	May 10, 2022
WPQA - Builder forms Addon For WordPress < 5.2 - Stored Cross-Site Scripting via Profile fields	Patched	CVE-2022-1051	5.4	Veshraj Ghimire	April 21, 2022
WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Private Message Disclosure	Patched	CVE-2022-1425	5.3	Veshraj Ghimire	April 21, 2022
WPQA - Builder forms Addon For WordPress < 5.2 - Insecure Direct Object Reference to Profile Picture Deletion	Patched	CVE-2022-1349	6.4	Binit Ghimire	April 21, 2022

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation