Lucene search

Japan Vulnerability NotesJVN:37326856

HistoryJan 12, 2024 - 12:00 a.m.

JVN#37326856: Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"

2024-01-1200:00:00

Japan Vulnerability Notes

jvn.jp

wordpress

plugin

vulnerability

input validation

dos attack

update

products affected

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

WordPress Plugin “WordPress Quiz Maker Plugin” provided by AYS Pro Plugins contains an improper input validation vulnerability (CWE-20).

Impact

A user of the product may use the product to perform a Denial of Service (DoS) attack against external services.

Solution

Update the plugin
Update the plugin according to the information provided by the developer.

Products Affected

WordPress Quiz Maker Plugin prior to 6.5.0.6

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.1%

JSON

Related for JVN:37326856