The Quiz Maker WordPress plugin before 6.4.9.5 does not adequately authorize the ays_quiz_author_user_search
AJAX action, allowing an unauthenticated attacker to perform a search for users of the system, ultimately leaking user email addresses.
CPE | Name | Operator | Version |
---|---|---|---|
quiz_maker | lt | 6.4.9.5 |