Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2025-31810

CVE-2025-31810: PickPlugins Question Answer Auth Bypass

CVE-2025-31810 is an authorization bypass flaw in PickPlugins Question Answer plugin that allows unauthorized access to restricted functionality. This article covers the technical details, affected versions through 1.2.73, and mitigation.

Published:

CVE-2025-31810 Overview

CVE-2025-31810 is a missing authorization vulnerability in the PickPlugins Question Answer plugin for WordPress. The flaw allows unauthenticated attackers to access plugin functionality that should be restricted by access control lists (ACLs). The issue affects all versions of Question Answer up to and including 1.2.73. The weakness is classified under CWE-862: Missing Authorization. Because the plugin fails to verify user permissions before executing sensitive actions, remote actors can invoke restricted operations over the network without authentication.

Critical Impact

Remote, unauthenticated attackers can reach functionality that should be limited by ACLs, resulting in limited integrity impact on affected WordPress sites.

Affected Products

  • PickPlugins Question Answer plugin for WordPress
  • All versions from n/a through 1.2.73
  • WordPress sites running the vulnerable question-answer plugin

Discovery Timeline

  • 2025-04-01 - CVE-2025-31810 published to the National Vulnerability Database
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2025-31810

Vulnerability Analysis

The Question Answer plugin exposes one or more endpoints or actions that lack proper authorization checks. Under normal operation, sensitive plugin functions should validate the caller's role or capability before executing. In vulnerable versions up to 1.2.73, this validation is missing or incomplete. As a result, callers who should not be permitted to invoke a function can still trigger it.

The issue is network reachable and requires no privileges or user interaction. Exploitation impacts integrity because attackers can alter or invoke plugin state that should be restricted. The Exploit Prediction Scoring System (EPSS) currently rates the probability of exploitation at approximately 0.42%. No public proof-of-concept exploit has been published at the time of writing, and the vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog.

Root Cause

The root cause is an authorization gap in the plugin's request handling logic. WordPress plugins typically enforce access using current_user_can() checks, nonce validation, or capability filters on AJAX and REST endpoints. In Question Answer versions up to 1.2.73, at least one code path invokes privileged functionality without performing these checks, matching the pattern described by CWE-862.

Attack Vector

An attacker sends crafted HTTP requests to the vulnerable plugin endpoint on a WordPress site running Question Answer. Because authentication is not required, the request can originate from any internet-connected host. The attacker invokes functionality that should be restricted, producing a limited impact on the integrity of plugin data. Detailed technical analysis is available in the Patchstack Vulnerability Report.

Detection Methods for CVE-2025-31810

Indicators of Compromise

  • Unexpected changes to question or answer records within the plugin's database tables
  • Unauthenticated HTTP POST requests to plugin AJAX endpoints such as admin-ajax.php referencing question-answer actions
  • Elevated volumes of requests to plugin routes from a small number of source IP addresses

Detection Strategies

  • Inventory WordPress installations to identify sites running the question-answer plugin at version 1.2.73 or earlier
  • Review web server access logs for anonymous requests to plugin endpoints that historically require authenticated users
  • Correlate WordPress audit logs with unexpected content modifications tied to the plugin

Monitoring Recommendations

  • Alert on HTTP requests to plugin endpoints without a valid authenticated session cookie
  • Track version drift of installed WordPress plugins across managed sites and flag unpatched instances
  • Forward WordPress and web server logs to a centralized analytics platform for anomaly detection

How to Mitigate CVE-2025-31810

Immediate Actions Required

  • Upgrade the PickPlugins Question Answer plugin to a version later than 1.2.73 as soon as a fixed release is available
  • Audit WordPress sites for the presence of the plugin and prioritize public-facing deployments
  • Restrict access to wp-admin/admin-ajax.php and plugin REST routes at the web application firewall (WAF) layer where possible

Patch Information

Refer to the Patchstack Vulnerability Report for current fix status and vendor guidance. Administrators should apply the vendor-supplied update once released and validate that authorization checks are enforced on all plugin actions.

Workarounds

  • Deactivate and remove the Question Answer plugin until a patched version is installed
  • Apply WAF rules that block unauthenticated requests to plugin AJAX and REST endpoints
  • Restrict plugin functionality to logged-in users through server-side access controls where feasible

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.