Skip to content
Nuclei Templates

WordPress WPQA <5.5 - Improper Access Control

ID: CVE-2022-1598

Severity: medium

Author: veshraj

Tags: cve,cve2022,wordpress,wp-plugin,wpqa,idor,wpscan,2code

Description

Section titled “Description”

WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.

YAML Source

Section titled “YAML Source”
id: CVE-2022-1598


info:
  name: WordPress WPQA <5.5 - Improper Access Control
  author: veshraj
  severity: medium
  description: |
    WordPress WPQA plugin before 5.5 is susceptible to improper access control. The plugin lacks authentication in a REST API endpoint. An attacker can potentially discover private questions sent between users on the site.
  impact: |
    This vulnerability can result in unauthorized access to sensitive information, potentially leading to data breaches or unauthorized actions.
  remediation: |
    Update the WPQA plugin to version 5.5 or later to fix the improper access control issue.
  reference:
    - https://wpscan.com/vulnerability/0416ae2f-5670-4080-a88d-3484bb19d8c8
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1598
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1598
    - https://github.com/20142995/Goby
    - https://github.com/WhooAmii/POC_to_review
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2022-1598
    cwe-id: CWE-306
    epss-score: 0.01171
    epss-percentile: 0.84938
    cpe: cpe:2.3:a:2code:wpqa_builder:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: 2code
    product: wpqa_builder
    framework: wordpress
    google-query: inurl:/wp-content/plugins/wpqa
  tags: cve,cve2022,wordpress,wp-plugin,wpqa,idor,wpscan,2code


http:
  - method: GET
    path:
      - '{{BaseURL}}/wp-json/wp/v2/asked-question'


    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '"id":'
          - '"rendered":'
        condition: and


      - type: status
        status:
          - 200
# digest: 4a0a00473045022100f8455cc5666525914af60dac4e3d1a5b651e21b90d416b92b672abb0edc5990a022011c157b152bc759c2ec62fce61e04e9faffc5ef0b61e20ec7b3ec0943304311f:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1598.yaml"

View on Github