The Quiz And Survey Master for WordPress is vulnerable to authorization bypass due to a missing capability check on the function associated with the qsm_remove_file_fd_question AJAX action in versions up to, and including, 8.0.8. This makes it possible for unauthenticated attackers to delete arbitrary media files.
CPE | Name | Operator | Version |
---|---|---|---|
quiz_and_survey_master | le | 8.0.8 |