The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments.

plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes.

An XML External Entity Injection vulnerability exists in Dzone AnswerHub.

The "JEXTN Question And Answer" extension 3.1.0 for Joomla! has SQL Injection via the an parameter in a view=tags action, or the ques-srch parameter.

qa-include/qa-install.php in Question2Answer before 1.7.5 allows remote attackers to create multiple user accounts.

Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.

Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these details are obtained from third party information.

Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter.

SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

myaccount.php in Easy Scripts Answer and Question Script allows remote attackers to remove arbitrary user accounts via a modified userid parameter without specifying any additional fields.