The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the `ays_quiz_author_user_search` AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28 | Exploit Third Party Advisory |
Configurations
History
02 Jan 2024, 20:16
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:* | |
CWE | CWE-287 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://wpscan.com/vulnerability/c62be802-e91a-4bcf-990d-8fd8ef7c9a28 - Exploit, Third Party Advisory | |
First Time |
Ays-pro
Ays-pro quiz Maker |
26 Dec 2023, 20:34
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-26 19:15
Updated : 2024-09-12 13:35
NVD link : CVE-2023-6155
Mitre link : CVE-2023-6155
CVE.ORG link : CVE-2023-6155
JSON object : View
Products Affected
ays-pro
- quiz_maker
CWE
CWE-287
Improper Authentication