CVE-2024-1079

The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.
Configurations

Configuration 1 (hide)

cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*

History

14 Feb 2024, 19:33

Type Values Removed Values Added
First Time Ays-pro
Ays-pro quiz Maker
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 5.3
CPE cpe:2.3:a:ays-pro:quiz_maker:*:*:*:*:*:wordpress:*:*
CWE CWE-862
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve - Third Party Advisory
References () https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php - () https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php - Patch

07 Feb 2024, 08:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-02-07 08:15

Updated : 2024-02-28 20:54


NVD link : CVE-2024-1079

Mitre link : CVE-2024-1079

CVE.ORG link : CVE-2024-1079


JSON object : View

Products Affected

ays-pro

  • quiz_maker
CWE
CWE-862

Missing Authorization