Description

WordPress Plugin DW Question & Answer is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently e.g. delete or edit answers. WordPress Plugin DW Question & Answer version 1.2.9 is vulnerable; prior versions may also be affected.

Remediation

Update to plugin version 1.2.10 or latest

References

http://secunia.com/advisories/58967/

Related Vulnerabilities

WordPress Plugin Post SMTP Mailer/Email Log Cross-Site Request Forgery (2.0.2)

WordPress Plugin Paid Memberships Pro 'memberslist-csv.php' Information Disclosure (1.4.9)

WordPress Plugin Travelpayouts:Flights & Hotels Travel Search Cross-Site Scripting (0.7.12)

WordPress Plugin Ninja Forms Contact Form-The Drag and Drop Form Builder for WordPress Cross-Site Scripting (3.3.21)

WordPress Plugin Cart66 Lite::WordPress Ecommerce Cross-Site Scripting (1.5.4)

Severity

High

Classification

CWE-264 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Tags

Missing Update Authentication Bypass